Recent vulnerabilities
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| ghsa-5hxh-h45m-v2x7 (github) | Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulne... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-57pf-vwc9-7j4j (github) | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-5353-75jj-p244 (github) | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-4mf4-x557-4pq9 (github) | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-4cp9-p4g4-xxpg (github) | Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerabili... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-3vr8-mxjc-h34x (github) | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:20Z |
| ghsa-3rp8-5q68-6m8w (github) | Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-3h38-466h-xfcc (github) | Tungsten Automation Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerabil... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-39rc-9px7-4cc5 (github) | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-3472-96gw-hx24 (github) | Tungsten Automation Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-33g4-8f6m-m4gq (github) | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-2wwj-xcj9-m7p7 (github) | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-2vgw-86f4-x4x6 (github) | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerab... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-2fqc-88rx-cc45 (github) | Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. ... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-26pv-m6p4-24p9 (github) | Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability... | 2024-11-22T21:32:20Z | 2024-11-22T21:32:20Z |
| ghsa-x943-wjcx-6wrv (github) | PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vul... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-x7mj-r2cp-pv8c (github) | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-wqwx-2q3h-582h (github) | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-w6wr-rvjr-vqcm (github) | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-vcrf-vfc8-wvm5 (github) | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This... | 2024-11-22T21:32:18Z | 2024-11-22T21:32:19Z |
| ghsa-vc5q-m359-46xj (github) | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This ... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-v259-7c7m-x3q9 (github) | PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-rvgw-vpfm-x6vv (github) | PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-r864-j7x7-66f2 (github) | Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerabilit... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-r5f8-46f5-h4jg (github) | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This ... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-q842-x9v4-3f8c (github) | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-q5px-fpgh-4rxw (github) | Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion V... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-q23h-296p-m22r (github) | PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vuln... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-pwwx-xw8c-97hj (github) | PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnera... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ghsa-prhx-whmf-2rx6 (github) | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This ... | 2024-11-22T21:32:19Z | 2024-11-22T21:32:19Z |
| ID | CVSS Base Score | Description | Vendor | Product | Publish Date | Update Date |
|---|---|---|---|---|---|---|
| cve-2023-42756 (NVD) | CVSS-v3.1: 4.4 | Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 |
2023-09-28T13:55:37.430Z | 2024-11-23T00:24:45.424Z |
| cve-2023-6531 (NVD) | CVSS-v3.1: 7 | Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 |
2024-01-21T10:01:07.215Z | 2024-11-23T00:24:27.253Z |
| cve-2023-3576 (NVD) | CVSS-v3.1: 5.5 | Libtiff: memory leak in tiffcrop.c |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 |
2023-10-04T18:02:23.926Z | 2024-11-23T00:18:42.787Z |
| cve-2023-4456 (NVD) | CVSS-v3.1: 5.7 | Openshift-logging: lokistack authorisation is cached too broadly |
Red Hat Red Hat Red Hat |
RHOL-5.5-RHEL-8 RHOL-5.6-RHEL-8 RHOL-5.7-RHEL-8 |
2023-08-21T15:19:22.208Z | 2024-11-23T00:16:34.674Z |
| cve-2023-4042 (NVD) | CVSS-v3.1: 5.5 | Ghostscript: incomplete fix for cve-2020-16305 |
Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 |
2023-08-23T12:19:29.156Z | 2024-11-23T00:14:52.531Z |
| cve-2023-38201 (NVD) | CVSS-v3.1: 6.5 | Keylime: challenge-response protocol bypass during agent registration |
Red Hat |
Red Hat Enterprise Linux 9 |
2023-08-25T16:15:39.449Z | 2024-11-23T00:13:55.292Z |
| cve-2023-38200 (NVD) | CVSS-v3.1: 7.5 | Keylime: registrar is subject to a dos against ssl connections |
Red Hat |
Red Hat Enterprise Linux 9 |
2023-07-24T15:19:19.291Z | 2024-11-23T00:13:31.149Z |
| cve-2023-4380 (NVD) | CVSS-v3.1: 6.3 | Platform: token exposed at importing project |
Red Hat Red Hat |
Red Hat Ansible Automation Platform 2.4 for RHEL 8 Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
2023-10-04T14:24:35.121Z | 2024-11-23T00:12:44.378Z |
| cve-2024-0567 (NVD) | CVSS-v3.1: 7.5 | Gnutls: rejects certificate chain with distributed trust |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9.2 Extended Update Support RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 Red Hat OpenShift Container Platform 3.11 |
2024-01-16T14:01:59.178Z | 2024-11-23T00:10:26.501Z |
| cve-2024-0553 (NVD) | CVSS-v3.1: 7.5 | Gnutls: incomplete fix for cve-2023-5981 |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9.2 Extended Update Support RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 |
2024-01-16T11:40:50.677Z | 2024-11-23T00:10:16.608Z |
| cve-2023-5981 (NVD) | CVSS-v3.1: 5.9 | Gnutls: timing side-channel in the rsa-psk authentication |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9.2 Extended Update Support RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHODF-4.15-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 RHOL-5.8-RHEL-9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 |
2023-11-28T11:49:50.138Z | 2024-11-23T00:09:08.520Z |
| cve-2023-38559 (NVD) | CVSS-v3.1: 5.5 | Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos |
Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 |
2023-08-01T16:49:47.537Z | 2024-11-23T00:08:15.789Z |
| cve-2023-3899 (NVD) | CVSS-v3.1: 7.8 | Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat Enterprise Linux 6 |
2023-08-23T10:49:11.684Z | 2024-11-23T00:07:47.908Z |
| cve-2023-4147 (NVD) | CVSS-v3.1: 7.8 | Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 |
2023-08-07T13:19:43.593Z | 2024-11-23T00:02:59.456Z |
| cve-2023-3971 (NVD) | CVSS-v3.1: 7.3 | Controller: html injection in custom login info |
Red Hat Red Hat Red Hat Red Hat |
Red Hat Ansible Automation Platform 2.3 for RHEL 8 Red Hat Ansible Automation Platform 2.3 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
2023-10-04T14:26:01.621Z | 2024-11-23T00:01:43.067Z |
| cve-2023-4066 (NVD) | CVSS-v3.1: 5.5 | Operator: passwords defined in secrets shown in statefulset yaml |
Red Hat Red Hat Red Hat |
RHEL-8 based Middleware Containers RHEL-8 based Middleware Containers Red Hat AMQ Broker 7 |
2023-09-27T20:54:42.212Z | 2024-11-22T23:58:09.296Z |
| cve-2023-4065 (NVD) | CVSS-v3.1: 5.5 | Operator: plaintext password in operator log |
Red Hat Red Hat Red Hat |
RHEL-8 based Middleware Containers RHEL-8 based Middleware Containers Red Hat AMQ Broker 7 |
2023-09-26T13:25:23.092Z | 2024-11-22T23:58:07.331Z |
| cve-2023-3347 (NVD) | CVSS-v3.1: 5.9 | Samba: smb2 packet signing is not enforced when "server signing = required" is set |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Storage 3 |
2023-07-20T14:54:05.525Z | 2024-11-22T23:57:41.311Z |
| cve-2023-3637 (NVD) | CVSS-v3.1: 4.3 | Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277) |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat OpenStack Platform 16.2 Red Hat OpenStack Platform 13 (Queens) Operational Tools Red Hat OpenStack Platform 16.1 Red Hat OpenStack Platform 17.0 Red Hat OpenStack Platform 17.1 Red Hat OpenStack Platform 18.0 |
2023-07-25T12:47:31.531Z | 2024-11-22T23:55:31.153Z |
| cve-2023-34968 (NVD) | CVSS-v3.1: 5.3 | Samba: spotlight server-side share path disclosure |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Storage 3 |
2023-07-20T14:58:59.825Z | 2024-11-22T23:29:09.296Z |
| cve-2023-34967 (NVD) | CVSS-v3.1: 5.3 | Samba: type confusion in mdssvc rpc service for spotlight |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Storage 3 |
2023-07-20T14:57:45.624Z | 2024-11-22T23:28:55.353Z |
| cve-2023-34966 (NVD) | CVSS-v3.1: 7.5 | Samba: infinite loop in mdssvc rpc service for spotlight |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Storage 3 |
2023-07-20T14:56:14.644Z | 2024-11-22T23:28:53.308Z |
| cve-2022-2127 (NVD) | CVSS-v3.1: 5.9 | Samba: out-of-bounds read in winbind auth_crap |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Storage 3 |
2023-07-20T14:49:49.422Z | 2024-11-22T23:28:25.287Z |
| cve-2024-0122 (NVD) | CVSS-v3.1: 7.6 | NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. |
NVIDIA |
DLS component of NVIDIA License System |
2024-11-22T23:23:23.218Z | 2024-11-22T23:23:23.218Z |
| cve-2024-0138 (NVD) | CVSS-v3.1: 9.8 | NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. |
NVIDIA |
Base Command Manager |
2024-11-22T23:21:31.648Z | 2024-11-22T23:21:31.648Z |
| cve-2024-11296 (NVD) | N/A | {'providerMetadata': {'orgId': 'b15e7b5b-3da4-40ae-a43c-f7aa60e62599', 'shortName': 'Wordfence', 'dateUpdated': '2024-11-22T23:07:22.177Z'}, 'rejectedReasons': [{'lang': 'en', 'value': '** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.'}]} | N/A | N/A | 2024-11-22T23:07:22.177Z | |
| cve-2024-11298 (NVD) | N/A | {'providerMetadata': {'orgId': 'b15e7b5b-3da4-40ae-a43c-f7aa60e62599', 'shortName': 'Wordfence', 'dateUpdated': '2024-11-22T23:04:09.217Z'}, 'rejectedReasons': [{'lang': 'en', 'value': '** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.'}]} | N/A | N/A | 2024-11-22T23:04:09.217Z | |
| cve-2023-4061 (NVD) | CVSS-v3.1: 6.5 | Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
EAP 7.4.13 Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Red Hat JBoss Enterprise Application Platform 8 |
2023-11-08T00:56:05.124Z | 2024-11-22T23:02:03.643Z |
| cve-2024-50054 (NVD) | CVSS-v3.1: 7.5 CVSS-v4.0: 8.7 | mySCADA myPRO Path Traversal |
mySCADA mySCADA |
myPRO Manager myPRO Runtime |
2024-11-22T22:22:08.207Z | 2024-11-22T22:22:08.207Z |
| cve-2024-47138 (NVD) | CVSS-v3.1: 9.8 CVSS-v4.0: 9.3 | mySCADA myPRO Missing Authentication for Critical Function |
mySCADA mySCADA |
myPRO Manager myPRO Runtime |
2024-11-22T22:19:52.736Z | 2024-11-22T22:19:52.736Z |
| ID | CVSS Base Score | Description | Vendor | Product | Publish Date | Update Date |
|---|---|---|---|---|---|---|
| cve-2024-52581 (NVD) | Litestar allows unbounded resource consumption (DoS vulnerability) |
litestar-org |
litestar |
2024-11-20T20:50:19.679Z | 2024-11-21T14:38:42.858Z | |
| cve-2018-9440 (NVD) | N/A | In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. |
Google |
Android |
2024-11-19T22:18:01.261Z | 2024-11-20T20:33:44.390Z |
| cve-2018-9456 (NVD) | N/A | In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
Google |
Android |
2024-11-19T22:19:46.371Z | 2024-11-21T15:00:42.618Z |
| cve-2018-9466 (NVD) | N/A | In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation. |
Google |
Android |
2024-11-19T22:21:20.706Z | 2024-11-20T15:25:03.308Z |
| cve-2018-9467 (NVD) | N/A | In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. |
Google |
Android |
2024-11-19T23:57:44.584Z | 2024-11-21T15:33:34.617Z |
| cve-2018-9424 (NVD) | N/A | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Google |
Android |
2024-11-19T21:23:35.724Z | 2024-11-20T15:30:30.046Z |
| cve-2018-9371 (NVD) | N/A | In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation. |
Google |
Android |
2024-11-19T19:22:26.550Z | 2024-11-20T20:04:52.809Z |
| cve-2018-9370 (NVD) | N/A | In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
Google |
Android |
2024-11-19T19:20:49.972Z | 2024-11-21T15:15:52.899Z |
| cve-2018-9369 (NVD) | N/A | In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
Google |
Android |
2024-11-19T19:17:52.251Z | 2024-11-21T15:18:15.122Z |
| cve-2018-9368 (NVD) | N/A | In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. |
Google |
Android |
2024-11-19T19:16:25.726Z | 2024-11-21T15:28:10.145Z |
| cve-2024-9442 (NVD) | F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
faktorvier |
F4 Improvements |
2024-11-21T02:06:42.994Z | 2024-11-21T11:40:09.934Z | |
| cve-2018-9366 (NVD) | N/A | In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Google |
Android |
2024-11-19T19:13:00.352Z | 2024-11-20T15:59:21.871Z |
| cve-2018-9367 (NVD) | N/A | In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Google |
Android |
2024-11-19T19:15:12.182Z | 2024-11-21T15:49:25.966Z |
| cve-2018-9364 (NVD) | N/A | In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation. |
Google |
Android |
2024-11-19T19:10:07.411Z | 2024-11-20T16:06:50.949Z |
| cve-2024-9542 (NVD) | Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template |
techfyd |
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) |
2024-11-21T11:02:19.986Z | 2024-11-21T14:00:31.457Z | |
| cve-2024-9766 (NVD) | CVSS-v3.0: 7.8 | Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability |
Wacom |
Center |
2024-11-22T21:02:41.157Z | 2024-11-22T21:02:41.157Z |
| cve-2024-9764 (NVD) | CVSS-v3.0: 7.8 | Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:17.678Z | 2024-11-22T21:02:17.678Z |
| cve-2024-9763 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:05.773Z | 2024-11-23T01:26:28.200Z |
| cve-2024-9762 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:02.202Z | 2024-11-23T01:26:28.525Z |
| cve-2024-9761 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:31.072Z | 2024-11-22T21:02:31.072Z |
| cve-2024-9760 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:01:58.175Z | 2024-11-23T01:26:28.654Z |
| cve-2024-9759 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:01:54.750Z | 2024-11-23T01:26:28.754Z |
| cve-2024-9758 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:13.522Z | 2024-11-23T01:26:27.842Z |
| cve-2024-9757 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:34.286Z | 2024-11-22T21:02:34.286Z |
| cve-2024-9755 (NVD) | CVSS-v3.0: 7.8 | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:37.480Z | 2024-11-22T21:02:37.480Z |
| cve-2024-9754 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:01:50.825Z | 2024-11-23T01:26:28.861Z |
| cve-2024-9753 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:09.752Z | 2024-11-23T01:26:27.958Z |
| cve-2024-9752 (NVD) | CVSS-v3.0: 3.3 | Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:01:46.928Z | 2024-11-23T01:26:28.981Z |
| cve-2024-9751 (NVD) | CVSS-v3.0: 7.8 | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:02:20.786Z | 2024-11-22T21:02:20.786Z |
| cve-2024-9750 (NVD) | CVSS-v3.0: 7.8 | Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
Tungsten Automation |
Power PDF |
2024-11-22T21:01:25.346Z | 2024-11-22T21:01:25.346Z |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| pysec-2012-31 | libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used ... | 2012-03-19T19:55:00Z | 2024-11-21T14:22:51.617446Z |
| pysec-2012-30 | The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authent... | 2012-11-11T13:00:00Z | 2024-11-21T14:22:51.113933Z |
| pysec-2012-29 | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authent... | 2012-11-11T13:00:00Z | 2024-11-21T14:22:51.054769Z |
| pysec-2023-269 | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use ... | 2023-08-24T23:15:00+00:00 | 2024-11-21T14:22:50.995218+00:00 |
| pysec-2021-888 | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from ... | 2021-07-20T07:15:00+00:00 | 2024-11-21T14:22:50.934313+00:00 |
| pysec-2022-43135 | FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafte... | 2022-03-11T00:15:00Z | 2024-11-21T14:22:50.654358Z |
| pysec-2022-43134 | The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserte... | 2022-08-27T20:15:00Z | 2024-11-21T14:22:50.316894Z |
| pysec-2021-887 | GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c. | 2021-05-27T11:15:00Z | 2024-11-21T14:22:50.881327Z |
| pysec-2021-886 | A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a ... | 2021-07-13T22:15:00Z | 2024-11-21T14:22:50.153222Z |
| pysec-2021-885 | A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers ... | 2021-08-19T22:15:00Z | 2024-11-21T14:22:50.094265Z |
| pysec-2021-884 | A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attac... | 2021-08-23T22:15:00Z | 2024-11-21T14:22:50.034285Z |
| pysec-2019-250 | GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strnc... | 2019-01-21T06:29:00Z | 2024-11-21T14:22:50.820785Z |
| pysec-2018-149 | The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input Duri... | 2018-06-26T16:29:00Z | 2024-11-21T14:22:50.762055Z |
| pysec-2014-101 | FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers t... | 2014-11-19T18:59:00Z | 2024-11-21T14:22:50.589801Z |
| pysec-2014-100 | The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAut... | 2014-05-29T14:19:00Z | 2024-11-21T14:22:50.537629Z |
| pysec-2013-36 | The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authori... | 2013-01-27T18:55:00Z | 2024-11-21T14:22:50.474073Z |
| pysec-2006-4 | Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to... | 2006-05-18T23:02:00Z | 2024-11-21T14:22:50.369284Z |
| pysec-2021-883 | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers t... | 2021-08-23T22:15:00Z | 2024-11-21T14:22:49.973408Z |
| pysec-2021-882 | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in... | 2021-08-23T22:15:00Z | 2024-11-21T14:22:49.911764Z |
| pysec-2020-344 | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infin... | 2020-01-27T05:15:00Z | 2024-11-21T14:22:49.729892Z |
| pysec-2019-249 | An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in t... | 2019-02-25T15:29:00Z | 2024-11-21T14:22:49.85073Z |
| pysec-2019-248 | An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStru... | 2019-02-25T15:29:00Z | 2024-11-21T14:22:49.79084Z |
| pysec-2019-247 | Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from... | 2019-10-09T19:15:00Z | 2024-11-21T14:22:49.656989Z |
| pysec-2019-246 | In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage... | 2019-07-28T19:15:00Z | 2024-11-21T14:22:49.597801Z |
| pysec-2019-245 | Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a de... | 2019-07-28T19:15:00Z | 2024-11-21T14:22:49.538663Z |
| pysec-2019-244 | Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. | 2019-07-28T19:15:00Z | 2024-11-21T14:22:49.479201Z |
| pysec-2018-148 | In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor... | 2018-03-30T08:29:00Z | 2024-11-21T14:22:49.400819Z |
| pysec-2018-147 | In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote att... | 2018-03-25T03:29:00Z | 2024-11-21T14:22:49.341312Z |
| pysec-2018-146 | In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2... | 2018-03-25T03:29:00Z | 2024-11-21T14:22:49.282911Z |
| pysec-2018-145 | In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image... | 2018-01-18T07:29:00Z | 2024-11-21T14:22:49.222538Z |
| ID | Description |
|---|---|
| gsd-2024-33739 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33738 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33737 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33736 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33735 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33734 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33733 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33732 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33731 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33730 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33729 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33728 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33727 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33726 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33725 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33724 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33723 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33722 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33721 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33720 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33719 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33718 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33717 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33716 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33715 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33714 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33713 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33712 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33711 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-33710 | The format of the source doesn't require a description, click on the link for more details |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| mal-2024-1125 | Malicious code in sqltest6 (npm) | 2024-03-18T23:51:30Z | 2024-03-18T23:51:31Z |
| mal-2024-1123 | Malicious code in rancho-extensions-app (npm) | 2024-03-18T23:51:30Z | 2024-03-18T23:51:31Z |
| mal-2024-1121 | Malicious code in packagerandomattackertest (npm) | 2024-03-18T23:51:30Z | 2024-03-18T23:51:31Z |
| mal-2024-1120 | Malicious code in functions-workshop (npm) | 2024-03-18T23:51:31Z | 2024-03-18T23:51:31Z |
| mal-2024-1118 | Malicious code in eng-intern-assessment-react-native (npm) | 2024-03-18T23:51:31Z | 2024-03-18T23:51:31Z |
| mal-2024-1117 | Malicious code in custom-header-js (npm) | 2024-03-18T23:51:30Z | 2024-03-18T23:51:31Z |
| mal-2024-1116 | Malicious code in custom-banner-react (npm) | 2024-03-18T23:51:31Z | 2024-03-18T23:51:31Z |
| mal-2024-1115 | Malicious code in bouncifyrn (npm) | 2024-03-18T23:51:30Z | 2024-03-18T23:51:31Z |
| mal-2024-1113 | Malicious code in action-and-block (npm) | 2024-03-18T23:51:31Z | 2024-03-18T23:51:31Z |
| mal-2024-1127 | Malicious code in tslint-slick (npm) | 2024-03-18T23:44:40Z | 2024-03-18T23:44:40Z |
| mal-2024-1126 | Malicious code in tsconfig-slick (npm) | 2024-03-18T23:44:40Z | 2024-03-18T23:44:40Z |
| mal-2024-1114 | Malicious code in babel-preset-slick (npm) | 2024-03-18T23:44:40Z | 2024-03-18T23:44:40Z |
| mal-2024-1112 | Malicious code in abcotv-ads (npm) | 2024-03-18T22:29:23Z | 2024-03-18T22:29:23Z |
| mal-2024-1111 | Malicious code in business-kpi-manager (PyPI) | 2024-03-18T13:50:34Z | 2024-03-18T13:50:34Z |
| mal-2024-1110 | Malicious code in abcotv-constants (npm) | 2024-03-17T18:25:11Z | 2024-03-17T18:25:11Z |
| mal-2024-1152 | Malicious code in discorddevsimple (npm) | 2024-03-17T13:41:14Z | 2024-03-17T13:41:14Z |
| mal-2024-1109 | Malicious code in cert-orchestration-adapter (PyPI) | 2024-03-17T12:16:04Z | 2024-03-17T12:16:04Z |
| mal-2024-1108 | Malicious code in mle-py-connector (PyPI) | 2024-03-17T08:40:45Z | 2024-03-17T08:40:45Z |
| mal-2024-1106 | Malicious code in lyft-stats (PyPI) | 2024-03-17T05:30:48Z | 2024-03-17T05:30:48Z |
| mal-2024-1104 | Malicious code in lyft-exceptions (PyPI) | 2024-03-17T05:25:47Z | 2024-03-17T05:25:47Z |
| mal-2024-1105 | Malicious code in lyft-settings (PyPI) | 2024-03-17T05:25:44Z | 2024-03-17T05:25:44Z |
| mal-2024-1103 | Malicious code in lyft-requests (PyPI) | 2024-03-17T03:45:54Z | 2024-03-17T03:45:54Z |
| mal-2024-1063 | Malicious code in ycs (npm) | 2024-03-08T14:02:57Z | 2024-03-16T13:33:36Z |
| mal-2024-1100 | Malicious code in ouramerica-constants (npm) | 2024-03-15T23:06:07Z | 2024-03-15T23:06:07Z |
| mal-2024-1095 | Malicious code in edgenuity (npm) | 2024-03-14T03:31:05Z | 2024-03-15T05:04:48Z |
| mal-2024-1101 | Malicious code in test12323123 (npm) | 2024-03-15T03:17:08Z | 2024-03-15T03:17:08Z |
| mal-2024-1098 | Malicious code in geico_design_kit2 (npm) | 2024-03-15T01:20:50Z | 2024-03-15T01:20:50Z |
| mal-2024-1097 | Malicious code in geico_design_kit (npm) | 2024-03-15T00:58:33Z | 2024-03-15T00:58:33Z |
| mal-2024-1096 | Malicious code in vinayak (npm) | 2024-03-14T06:08:57Z | 2024-03-14T06:08:57Z |
| mal-2024-1094 | Malicious code in fhir.base.template (npm) | 2024-03-13T22:55:40Z | 2024-03-13T22:55:40Z |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| wid-sec-w-2024-1373 | Irfan Skiljan IrfanView: Mehrere Schwachstellen ermöglichen Codeausführung | 2024-06-12T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1359 | Pixel Patchday Juni 2024: Mehrere Schwachstellen | 2024-06-11T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1346 | Mozilla Firefox: Mehrere Schwachstellen | 2024-06-11T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1320 | PHP: Mehrere Schwachstellen | 2024-06-06T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1307 | Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen | 2024-06-06T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1269 | Red Hat Enterprise Linux (python-idna): Schwachstelle ermöglicht Denial of Service | 2024-06-02T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1242 | Red Hat Enterprise Linux (rpm-ostree): Schwachstelle ermöglicht Offenlegung von Informationen | 2024-05-28T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1226 | Red Hat OpenShift: Mehrere Schwachstellen | 2024-05-22T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-1084 | Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen | 2024-05-09T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0952 | Ruby: Schwachstelle ermöglicht Offenlegung von Informationen | 2024-04-23T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0914 | Red Hat Enterprise Linux (keycloak): Mehrere Schwachstellen | 2024-04-16T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0910 | Red Hat Single Sign On: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen | 2024-04-16T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0682 | Ruby: Mehrere Schwachstellen | 2024-03-20T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0591 | expat: Schwachstelle ermöglicht Denial of Service | 2024-03-10T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0522 | Red Hat Ansible Automation Platform: Mehrere Schwachstellen | 2024-02-29T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0386 | Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service | 2024-02-13T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0278 | expat: Mehrere Schwachstellen ermöglichen Denial of Service | 2024-02-04T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2024-0158 | Red Hat Advanced Cluster Management for Kubernetes: Mehrere Schwachstellen | 2024-01-18T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-3177 | Dell BIOS: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff | 2023-12-19T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2906 | Intel Prozessoren: Mehrere Schwachstellen | 2023-11-14T23:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2723 | Red Hat Satellite: Mehrere Schwachstellen | 2023-10-22T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2646 | Grafana: Schwachstelle ermöglicht Privilegieneskalation | 2023-10-15T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2618 | http/2 Implementierungen: Schwachstelle ermöglicht Denial of Service | 2023-10-10T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2420 | AMD Prozessoren: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen | 2023-09-20T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2359 | Eclipse Jetty: Mehrere Schwachstellen | 2023-09-14T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2084 | Dell BIOS: Mehrere Schwachstellen | 2023-08-16T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2007 | Intel Prozessoren: Schwachstelle ermöglicht Offenlegung von Informationen | 2023-08-08T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2005 | Intel Xeon Prozessoren: Mehrere Schwachstellen | 2023-08-08T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2003 | Intel BIOS: Mehrere Schwachstellen | 2023-08-08T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| wid-sec-w-2023-2000 | Intel Ethernet Controller: Mehrere Schwachstellen | 2023-08-08T22:00:00.000+00:00 | 2024-06-13T22:00:00.000+00:00 |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| rhsa-2024_0717 | Red Hat Security Advisory: runc security update | 2024-02-07T13:32:26+00:00 | 2024-11-23T03:56:28+00:00 |
| rhsa-2024_0151 | Red Hat Security Advisory: .NET 7.0 security update | 2024-01-10T15:42:10+00:00 | 2024-11-23T03:56:23+00:00 |
| rhsa-2024_0757 | Red Hat Security Advisory: container-tools:4.0 security update | 2024-02-08T18:41:15+00:00 | 2024-11-23T03:56:22+00:00 |
| rhsa-2024_0670 | Red Hat Security Advisory: runc security update | 2024-02-02T21:05:26+00:00 | 2024-11-23T03:56:18+00:00 |
| rhsa-2024_0156 | Red Hat Security Advisory: .NET 6.0 security update | 2024-01-10T18:19:10+00:00 | 2024-11-23T03:56:13+00:00 |
| rhsa-2024_4429 | Red Hat Security Advisory: containernetworking-plugins security update | 2024-07-09T12:56:47+00:00 | 2024-11-23T03:56:07+00:00 |
| rhsa-2024_0150 | Red Hat Security Advisory: .NET 8.0 security update | 2024-01-10T15:44:52+00:00 | 2024-11-23T03:56:02+00:00 |
| rhsa-2024_2193 | Red Hat Security Advisory: podman security update | 2024-04-30T10:26:58+00:00 | 2024-11-23T03:55:57+00:00 |
| rhsa-2024_2767 | Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update | 2024-05-22T20:14:09+00:00 | 2024-11-23T03:55:47+00:00 |
| rhsa-2024_2180 | Red Hat Security Advisory: runc security update | 2024-04-30T10:27:41+00:00 | 2024-11-23T03:55:47+00:00 |
| rhsa-2024_2729 | Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (etcd) security update | 2024-05-22T20:41:23+00:00 | 2024-11-23T03:55:37+00:00 |
| rhsa-2024_1901 | Red Hat Security Advisory: Red Hat Service Interconnect 1.5.3 Release (images) | 2024-04-18T07:17:25+00:00 | 2024-11-23T03:55:37+00:00 |
| rhsa-2024_2730 | Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update | 2024-05-22T20:41:27+00:00 | 2024-11-23T03:55:28+00:00 |
| rhsa-2024_0281 | Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.2.1 for RHEL 9 | 2024-03-06T14:39:54+00:00 | 2024-11-23T03:55:18+00:00 |
| rhsa-2024_1078 | Red Hat Security Advisory: Service Telemetry Framework 1.5.4 security update | 2024-03-05T00:34:10+00:00 | 2024-11-23T03:55:09+00:00 |
| rhsa-2024_2272 | Red Hat Security Advisory: containernetworking-plugins security update | 2024-04-30T09:51:34+00:00 | 2024-11-23T03:55:05+00:00 |
| rhsa-2024_0269 | Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.1.0 for RHEL 9 | 2024-02-28T00:20:04+00:00 | 2024-11-23T03:54:57+00:00 |
| rhsa-2024_2245 | Red Hat Security Advisory: buildah security update | 2024-04-30T10:08:31+00:00 | 2024-11-23T03:54:55+00:00 |
| rhsa-2024_2239 | Red Hat Security Advisory: skopeo security update | 2024-04-30T10:14:46+00:00 | 2024-11-23T03:54:45+00:00 |
| rhsa-2023_7200 | Red Hat Security Advisory: OpenShift Container Platform 4.15.z security update | 2024-02-27T22:49:18+00:00 | 2024-11-23T03:54:32+00:00 |
| rhsa-2024_9181 | Red Hat Security Advisory: jose security update | 2024-11-12T08:46:02+00:00 | 2024-11-23T03:53:54+00:00 |
| rhsa-2024_9135 | Red Hat Security Advisory: toolbox security update | 2024-11-12T09:05:01+00:00 | 2024-11-23T03:53:44+00:00 |
| rhsa-2024_8974 | Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.12.0 security and bug fixes | 2024-11-06T20:13:07+00:00 | 2024-11-23T03:53:34+00:00 |
| rhsa-2024_8229 | Red Hat Security Advisory: OpenShift Container Platform 4.17.2 bug fix and security update | 2024-10-23T05:29:09+00:00 | 2024-11-23T03:53:25+00:00 |
| rhsa-2024_8906 | Red Hat Security Advisory: Satellite 6.16.0 release | 2024-11-05T17:49:17+00:00 | 2024-11-23T03:52:57+00:00 |
| rhsa-2024_6687 | Red Hat Security Advisory: OpenShift Container Platform 4.16.13 bug fix and security update | 2024-09-19T05:38:53+00:00 | 2024-11-23T03:52:57+00:00 |
| rhsa-2024_6755 | Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.2 security and bug fix update | 2024-09-18T11:56:25+00:00 | 2024-11-23T03:52:46+00:00 |
| rhsa-2024_6186 | Red Hat Security Advisory: containernetworking-plugins security update | 2024-09-03T19:57:55+00:00 | 2024-11-23T03:52:40+00:00 |
| rhsa-2024_5094 | Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.0 security update | 2024-08-07T15:39:25+00:00 | 2024-11-23T03:52:33+00:00 |
| rhsa-2024_7179 | Red Hat Security Advisory: OpenShift Container Platform 4.15.35 bug fix and security update | 2024-10-02T05:49:45+00:00 | 2024-11-23T03:52:30+00:00 |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| icsa-24-011-10 | Siemens SIMATIC | 2024-01-09T00:00:00Z | 2024-01-09T00:00:00Z |
| icsa-24-011-09 | Siemens SIMATIC CN 4100 | 2024-01-09T00:00:00Z | 2024-01-09T00:00:00Z |
| icsa-24-011-08 | Siemens SICAM A8000 | 2024-01-09T00:00:00Z | 2024-01-09T00:00:00Z |
| icsa-24-011-07 | Siemens Spectrum Power 7 | 2024-01-09T00:00:00Z | 2024-01-09T00:00:00Z |
| icsa-24-011-06 | Siemens Teamcenter Visualization and JT2Go | 2024-01-09T00:00:00Z | 2024-01-09T00:00:00Z |
| icsa-24-004-02 | Mitsubishi Electric Factory Automation Products | 2024-01-04T07:00:00.000000Z | 2024-01-04T07:00:00.000000Z |
| icsa-24-004-01 | Rockwell Automation FactoryTalk Activation | 2024-01-04T07:00:00.000000Z | 2024-01-04T07:00:00.000000Z |
| icsa-23-348-15 | Unitronics Vision and Samba Series (Update A) | 2023-12-14T07:00:00.000000Z | 2024-01-04T07:00:00.000000Z |
| icsa-23-355-02 | QNAP VioStor NVR | 2023-12-21T07:00:00.000000Z | 2023-12-21T07:00:00.000000Z |
| icsa-23-355-01 | FXC AE1021/AE1021PE | 2023-12-21T07:00:00.000000Z | 2023-12-21T07:00:00.000000Z |
| icsa-23-353-05 | EuroTel ETL3100 Radio Transmitter | 2023-12-19T07:00:00.000000Z | 2023-12-19T07:00:00.000000Z |
| icsa-23-353-04 | Open Design Alliance Drawing SDK | 2023-12-19T07:00:00.000000Z | 2023-12-19T07:00:00.000000Z |
| icsa-23-353-03 | EFACEC UC 500E | 2023-12-19T07:00:00.000000Z | 2023-12-19T07:00:00.000000Z |
| icsa-23-353-02 | EFACEC BCU 500 | 2023-12-19T07:00:00.000000Z | 2023-12-19T07:00:00.000000Z |
| icsa-23-353-01 | Subnet Solutions Inc. PowerSYSTEM Center | 2023-12-19T07:00:00.000000Z | 2023-12-19T07:00:00.000000Z |
| icsa-23-341-03 | Johnson Controls Metasys and Facility Explorer (Update A) | 2023-12-07T07:00:00.000000Z | 2023-12-19T07:00:00.000000Z |
| icsa-20-303-01 | Mitsubishi Electric MELSEC iQ-R, Q, and L Series (Update D) | 2020-10-29T06:00:00.000000Z | 2023-12-19T07:00:00.000000Z |
| icsma-20-254-01 | Philips Patient Monitoring Devices (Update C) | 2020-09-10T06:00:00.000000Z | 2023-12-14T07:00:00.000000Z |
| icsa-23-348-02 | Johnson Controls Kantech Gen1 ioSmart | 2023-12-14T07:00:00.000000Z | 2023-12-14T07:00:00.000000Z |
| icsa-23-346-01 | Schneider Electric Easy UPS Online Monitoring Software | 2023-12-12T07:00:00.000000Z | 2023-12-12T07:00:00.000000Z |
| icsa-23-348-16 | Siemens SINEC INS | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-14 | Siemens RUGGEDCOM and SCALANCE M-800/S615 Family | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-13 | Siemens SICAM Q100 Devices | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-12 | Siemens SCALANCE and RUGGEDCOM M-800/S615 Family | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-11 | Siemens SINUMERIK | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-10 | Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-09 | Siemens Simantic S7-1500 CPU family | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-08 | Siemens Web Server of Industrial Products | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-07 | Siemens SIMATIC STEP 7 (TIA Portal) | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| icsa-23-348-06 | Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC | 2023-12-12T00:00:00Z | 2023-12-12T00:00:00Z |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| cisco-sa-expressway-csrf-knnzdmj3 | Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities | 2024-02-07T16:00:00+00:00 | 2024-02-12T17:55:43+00:00 |
| cisco-sa-ftd-snort3acp-bypass-3bdr2beh | Multiple Cisco Products Snort 3 Access Control Policy Bypass Vulnerability | 2023-11-01T16:00:00+00:00 | 2024-02-06T18:30:17+00:00 |
| cisco-sa-cuc-unauth-afu-froyscsd | Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-02-05T17:23:14+00:00 |
| cisco-sa-cucm-rce-bwnzqcum | Cisco Unified Communications Products Remote Code Execution Vulnerability | 2024-01-24T16:00:00+00:00 | 2024-01-30T19:16:46+00:00 |
| cisco-sa-sb-bus-acl-bypass-5zn9hnjk | Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability | 2024-01-24T16:00:00+00:00 | 2024-01-24T16:00:00+00:00 |
| cisco-sa-cuc-xss-9tfuu5ms | Cisco Unity Connection Cross-Site Scripting Vulnerability | 2024-01-24T16:00:00+00:00 | 2024-01-24T16:00:00+00:00 |
| cisco-sa-sdwan-privesc-cli-xkgwmqku | Cisco SD-WAN Software Arbitrary File Corruption Vulnerability | 2022-09-28T16:00:00+00:00 | 2024-01-23T23:05:35+00:00 |
| cisco-sa-sd-wan-file-access-vw36d28p | Cisco SD-WAN Solution Improper Access Control Vulnerability | 2022-04-13T16:00:00+00:00 | 2024-01-23T21:31:33+00:00 |
| cisco-sa-broadworks-xss-6syj82ju | Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Stored Cross-Site Scripting Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-23T17:43:55+00:00 |
| cisco-sa-tms-portal-xss-axnevg3s | Cisco TelePresence Management Suite Cross-Site Scripting Vulnerabilities | 2024-01-10T16:00:00+00:00 | 2024-01-12T15:18:40+00:00 |
| cisco-sa-thouseyes-privesc-dmzhg3qv | Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-sb-wap-inject-bhstwgxo | Cisco WAP371 Wireless Access Point Command Injection Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-pi-epnm-wkzjeyeq | Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-ise-xss-bl4vtml | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-ise-priv-esc-kjlp2aw | Cisco Identity Services Engine Privilege Escalation Vulnerabilities | 2023-09-06T16:00:00+00:00 | 2024-01-08T19:01:50+00:00 |
| cisco-sa-struts-c2kcmkmt | Apache Struts Vulnerability Affecting Cisco Products: December 2023 | 2023-12-12T16:00:00+00:00 | 2023-12-21T22:23:04+00:00 |
| cisco-sa-http2-reset-d8kf32vz | HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 | 2023-10-16T16:00:00+00:00 | 2023-12-21T17:09:38+00:00 |
| cisco-sa-asa-ssl-vpn-y88qom77 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability | 2023-12-05T16:00:00+00:00 | 2023-12-05T16:00:00+00:00 |
| cisco-sa-ftd-icmpv6-dos-4emklun | Cisco Firepower Threat Defense Software and Cisco FirePOWER Services ICMPv6 with Snort 2 Denial of Service Vulnerability | 2023-11-01T16:00:00+00:00 | 2023-11-16T21:10:27+00:00 |
| cisco-sa-uipphone-xss-ncmuykqa | Cisco IP Phone Stored Cross-Site Scripting Vulnerability | 2023-11-15T16:00:00+00:00 | 2023-11-15T16:00:00+00:00 |
| cisco-sa-secure-endpoint-dos-rzogfknd | Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability | 2023-11-15T16:00:00+00:00 | 2023-11-15T16:00:00+00:00 |
| cisco-sa-ise-mult-j-kxpnynr | Cisco Identity Services Engine Vulnerabilities | 2023-11-15T16:00:00+00:00 | 2023-11-15T16:00:00+00:00 |
| cisco-sa-appd-php-authpriv-gebwtvu5 | Cisco AppDynamics PHP Agent Privilege Escalation Vulnerability | 2023-11-15T16:00:00+00:00 | 2023-11-15T16:00:00+00:00 |
| cisco-sa-accsc-dos-9slzkz8 | Cisco Secure Client Software Denial of Service Vulnerabilities | 2023-11-15T16:00:00+00:00 | 2023-11-15T16:00:00+00:00 |
| cisco-sa-asa-icmpv6-t5tzqwnd | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ICMPv6 Message Processing Denial of Service Vulnerability | 2023-11-01T16:00:00+00:00 | 2023-11-02T13:50:35+00:00 |
| cisco-sa-asa-webvpn-dos-3ghzqbas | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability | 2023-11-01T16:00:00+00:00 | 2023-11-02T13:47:35+00:00 |
| cisco-sa-asa-webvpn-loeksnmo | Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Client-Side Request Smuggling Vulnerability | 2022-08-10T16:00:00+00:00 | 2023-11-01T16:00:01+00:00 |
| cisco-sa-snort-ftd-zxytnjom | Multiple Cisco Products Snort FTP Inspection Bypass Vulnerability | 2023-11-01T16:00:00+00:00 | 2023-11-01T16:00:00+00:00 |
| cisco-sa-sa-ftd-snort3-urldos-occfqtex | Cisco Firepower Threat Defense Software SSL/TLS URL Category and Snort 3 Detection Engine Bypass and Denial of Service Vulnerability | 2023-11-01T16:00:00+00:00 | 2023-11-01T16:00:00+00:00 |
| cisco-sa-ise-injection-qexegrcw | Cisco Identity Services Engine Command Injection Vulnerabilities | 2023-11-01T16:00:00+00:00 | 2023-11-01T16:00:00+00:00 |
| ID | Description |
|---|---|
| var-201106-0026 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability.". An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The following versions are vulnerable: Adobe Flash Player 10.3.181.16 and prior versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 10.3.185.22 and prior versions for Android UPDATE (June 7, 2011): The vendor indicates there may be an impact related to the 'Authplay.dll' component of Adobe Reader and Acrobat X 10.0.3, Reader 9.x and 10.x, and Acrobat 9.x and 10.x. We will update this BID when additional details emerge. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: flash-plugin security update Advisory ID: RHSA-2011:0850-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0850.html Issue date: 2011-06-06 CVE Names: CVE-2011-2107 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This vulnerability is detailed on the Adobe security page APSB11-13, listed in the References section. (CVE-2011-2107) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.181.22 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.181.22-1.el5.i386.rpm x86_64: flash-plugin-10.3.181.22-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.181.22-1.el5.i386.rpm x86_64: flash-plugin-10.3.181.22-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.181.22-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.22-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.181.22-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.22-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.181.22-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.22-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2107.html https://access.redhat.com/security/updates/classification/#important http://www.adobe.com/support/security/bulletins/apsb11-13.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN7OqAXlSAg2UNWIIRApgjAKCldmXlUbDzD/uUwi8XnweoaBZ00gCeIzcZ 1XCuXnfYCW/M6oYmVu+sw+U= =AUfZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: October 13, 2011 Bugs: #354207, #359019, #363179, #367031, #370215, #372899, #378637, #384017 ID: 201110-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a Denial of Service. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Impact ====== By enticing a user to open a specially crafted SWF file a remote attacker could cause a Denial of Service or the execution of arbitrary code with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 |
| var-202005-1028 | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks. ISC (Internet Systems Consortium) Provides BIND There are multiple vulnerabilities in. * DNS Insufficient control of name resolution behavior - CVE-2020-8616 * tsig.c Assertion error occurs - CVE-2020-8617The expected impact depends on each vulnerability, but it may be affected as follows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2020:3433-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3433 Issue date: 2020-08-12 CVE Names: CVE-2020-8616 CVE-2020-8617 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals 1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: bind-9.9.4-51.el7_4.4.src.rpm noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: bind-9.9.4-51.el7_4.4.src.rpm noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm ppc64le: bind-9.9.4-51.el7_4.4.ppc64le.rpm bind-chroot-9.9.4-51.el7_4.4.ppc64le.rpm bind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm bind-libs-9.9.4-51.el7_4.4.ppc64le.rpm bind-libs-lite-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.ppc64le.rpm bind-utils-9.9.4-51.el7_4.4.ppc64le.rpm x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: bind-9.9.4-51.el7_4.4.src.rpm noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: bind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm bind-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-lite-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-sdb-9.9.4-51.el7_4.4.ppc64le.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.ppc64le.rpm x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/cve/CVE-2020-8617 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzPV8dzjgjWX9erEAQgCUA//dmZr/zZbkimNYOaBBZ00RvF26rGRA7yV yVgYREXrAF1lgd78GDJ7rL0Y1r7rIursw/la069kK4F8efbSG4o8b4VUtC85+E+Q O6crm0Dm17ns4a5ix97uliNk+H9tyjKPVW4aQFJujhSD+Dx5y9bOByfv8HFI4oh3 tCWmgFoPjcEpWMuIGR1saqrbFWN1Ukz3867jCLaWUr8b4A7XxngDPwd7qtceLpSW jYt5OaTIhOV3kjICJ5jY69S1D5Ab17/ObGfaq8nOJcRin+XvZgcfgWt00QI+mYkA ex63m8aGGE3o32MCS/6wsGY/4vP8U7XNe19f9JQTG8ZA4S/PdUJW7y5oRFEWgHg7 HtveWp+EkGyOB1HU7dRVVBP1lhMaWlz55WjhBoNc6xjV7Zi3IU/W1O85AOL8VtxX XzI6Gk+FWFOgocfLh7DexFOj+4iCtX7Ew3862PPwME1bXh4ijlKgkYvcotJCLCL6 IQGGLWIjIT8BBr1avjTBn998XBx3UxFzyo4QyQRB38fzKaYRXbMPXNWSmlq1CtA3 U0m5D2TVZGgVEH7/jlWHWzhNpO1TfhHEyyIDHWBpobATTVvToHeCdcQsDbZpuT3/ 8jdswGAx+PKQJI4Q4sPzsfXrXbUew/aS2kybTrkKVuGntIvY0C1EcLYZjbNHEKcG e/FXzzEtVBw\xd4RR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.2) - x86_64 3. Solution: For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for release 4.3.25, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1808130 - CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive 5. Bugs fixed (https://bugzilla.redhat.com/): 1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information 5. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Additional Changes: This update also fixes several bugs and adds various enhancements. This advisory contains the following OpenShift Virtualization 2.4.0 images: RHEL-7-CNV-2.4 ============== kubevirt-ssp-operator-container-v2.4.0-71 RHEL-8-CNV-2.4 ============== virt-cdi-controller-container-v2.4.0-29 virt-cdi-uploadproxy-container-v2.4.0-29 hostpath-provisioner-container-v2.4.0-25 virt-cdi-operator-container-v2.4.0-29 kubevirt-metrics-collector-container-v2.4.0-18 cnv-containernetworking-plugins-container-v2.4.0-36 kubevirt-kvm-info-nfd-plugin-container-v2.4.0-18 hostpath-provisioner-operator-container-v2.4.0-31 virt-cdi-uploadserver-container-v2.4.0-29 virt-cdi-apiserver-container-v2.4.0-29 virt-controller-container-v2.4.0-58 virt-cdi-cloner-container-v2.4.0-29 kubevirt-template-validator-container-v2.4.0-21 vm-import-operator-container-v2.4.0-21 kubernetes-nmstate-handler-container-v2.4.0-37 node-maintenance-operator-container-v2.4.0-27 virt-operator-container-v2.4.0-58 kubevirt-v2v-conversion-container-v2.4.0-23 cnv-must-gather-container-v2.4.0-73 virtio-win-container-v2.4.0-15 kubevirt-cpu-node-labeller-container-v2.4.0-19 ovs-cni-plugin-container-v2.4.0-37 kubevirt-vmware-container-v2.4.0-21 hyperconverged-cluster-operator-container-v2.4.0-70 virt-handler-container-v2.4.0-58 virt-cdi-importer-container-v2.4.0-29 virt-launcher-container-v2.4.0-58 kubevirt-cpu-model-nfd-plugin-container-v2.4.0-17 virt-api-container-v2.4.0-58 ovs-cni-marker-container-v2.4.0-38 kubemacpool-container-v2.4.0-39 cluster-network-addons-operator-container-v2.4.0-38 bridge-marker-container-v2.4.0-39 vm-import-controller-container-v2.4.0-21 hco-bundle-registry-container-v2.3.0-497 3. Bugs fixed (https://bugzilla.redhat.com/): 1684772 - virt-launcher images do not have the edk2-ovmf package installed 1716329 - missing Status, Version and Label for a number of CNV components, and Status term inconsistency 1724978 - [RFE][v2v] Improve the way we display progress percent in UI 1725672 - CDI: getting error with "unknown reason" when trying to create UploadTokenRequest for a none existing pvc 1727117 - [RFE] Reduce installed libvirt components 1780473 - Delete VM is hanging if the corresponding template does not exist anymore 1787213 - KubeMacpool may not work from time to time since it is skipped when we face certificate issue. 1789564 - Failed to allocate a SRIOV VF to VMI 1795889 - internal IP shown on VMI spec instead of public one on VMI with guest-agent 1796342 - VM Failing to start since hard disk not ready 1802554 - [SSP] cpu-feature-lahf_lm and Conroe are enabled on one worker (test issue) 1805044 - No mem/filesystem/Network Utilization in VM overview 1806288 - [CDI] fails to import images that comes from url that reject HEAD requests 1806436 - [SSP] Windows common templates - Windows10 should be removed from windows-server* templates, windows-server* should not have desktop version 1811111 - All the VM templates are visible in the developer catalog but not really/easily instantiable 1811417 - Failed to install cnv-2.4 on top of ocp 4.4 (hco operator in crashLoopBackOff state) 1816518 - [SSP] Common templates - template name under objects -> metadata -> labels should be identical to the template actual name 1817080 - node maintenance CRD is marked with NonStructuralSchema condition 1819252 - kubevirt-ssp-operator cannot create ServiceMonitor object 1820651 - CDI import fails using block volume (available size -1) 1821209 - Debug log message looks unprofessional 1822079 - nmstate-handler fails to start and keeps restarting 1822315 - status.desiredState: doesn't pick the correct value and is null 1823342 - Invalid qcow2 image causes HTTP range error and difficult to read stack trace 1823699 - [CNV-2.4] Failing to deploy NetworkAddons 1823701 - [CNV-2.4] when a single component is failing, HCO can continue reporting outdated negative conditions also on other components 1825801 - [CNV-2.4] Failing to deploy due issues in CRD of cluster network operator 1826044 - [CNV-2.4] Failing to deploy due issues in CRD of cluster host-path-provisioner operator 1827257 - VMs' connectivity is available even the two VMs are in different vlan 1828401 - misconfigured prow job e2e-aws-4.5-cnv resulting in step e2e-aws failed: step needs a lease but no lease client provided 1829376 - VMs with blank block volumes fail to spin up 1830780 - virt-v2v-wrapper - 0% VM migration progress in UI 1831536 - kubevirt-{handler,apiserver,controller} service accounts added to the privileged SCC 1832179 - [virt] VM with runStrategy attribute (instead of 'running' attribute) does not have 'RUNNING' state in cli 1832283 - [SSP operator] Common templates and template_validator are missing after clean installation 1832291 - SSP installation is successful even with some components missing 1832769 - [kubevirt version] is not reported correctly 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1833376 - Hardcoded VMware-vix-disklib version 6 - import fail with version 7 1833786 - kubevirt hyperconverged-cluster-operator deploy_marketplace.sh fails in disconnected cluster 1834253 - VMs are stuck in Starting state 1835242 - Can't query SSP CRs after upgrade from 2.3 to 2.4 1835426 - [RFE] Provide a clear error message when VM and VMI name does not match 1836792 - [CNV deployment] kubevirt components are missing 1837182 - VMI virt-launcher reaches Error state after running for 10-24 hours 1837670 - Specifying "Ubuntu 18.04 LTS" force the Conroe CPU model 1838066 - [CNV deployment] kubevirt failing to create cpu-plugin-configmap obsoleteCPUs 1838424 - [Installation] CNV 2.4.0 virt-handler and kubevirt-node-labeller pods are not showing up 1839982 - [CNV][DOC] Lack of explanation for StorageClass default accessMode in openshift-cnv kubevirt-storage-class-defaults 1840047 - [CNV-2.4] virt-handler failing on /usr/bin/container-disk: no such file or directory 1840220 - [CNV-2.4] node-maintenance-operator failing to create deployment - invalid format of manifest 1840652 - Upgrade indication is missing 1841065 - [v2v] RHV to CNV: VM import fail on network mapping validation 1841325 - [CNV][V2V] VM migration fails if VMWare host isn't under Cluster but directly under Datacenter 1841505 - [CNV-2.4] virt-template-validator container fails to start 1842869 - vmi cannot be scheduled, because node labeller doesn't report correct labels 1842958 - [SSP] Fail to create Windows VMs from templates - windows-cd-bus validation added but cdrom is missing from the template 1843219 - node-labeller SCC is privileged, which appears too relaxed 1843456 - virt-launcher goes from running to error state due to panic: timed out waiting for domain to be defined 1843467 - [CNV network KMP] kubemacpool causes worker node to be Ready,SchedulingDisabled 1843519 - HCO CR is not listed when running "kubectl get all" from command line 1843948 - [Network operator] Upgrade from 2.3 to 2.4 - Network operator fails to upgrade ovs-cni pods, upgrade is not completed 1844057 - [CNV-2.4] cluster-network-addons-operator failing to start 1844105 - [SSP operator] Upgrade from 2.3.0 to 2.4.0- SSP operator fails to upgrade node labeller and template validator 1844907 - kubemacpool deployment status errors regarding replicas 1845060 - Node-labeller is in pending state when node doesn't have kvm device 1845061 - Version displayed in Container Native Virtualization OperatorHub side panel 1845477 - [SSP] Template validator fails to "Extract the CA bundle"; template validator is not called when a VM is created 1845557 - [CNV-2.4] template validator webhook fails with certification issues 1845604 - [v2v] RHV to CNV VM import: Prevent a second vm-import from starting. 1845899 - [CNV-2.5] cluster-network-addons-operator failing to start 1845901 - Filesystem corruption related to smart clone 1847070 - vmi cannot be scheduled , qemu-kvm core dump 1847594 - pods in openshift-cnv namespace no longer have openshift.io/scc under metadata.annotations 1848004 - [CNV-2.5] Deployment fails on NetworkAddonsConfigNotAvailable 1848007 - [CNV-2.4] Deployment fails on NetworkAddonsConfigNotAvailable 1848951 - CVE-2020-14316 kubevirt: VMIs can be used to access host files 1849527 - [v2v] [api] VM import RHV to CNV importer should stop send requests to RHV if they are rejected because of wrong user/pass 1849915 - [v2v] VM import RHV to CNV: The timezone data is not available in the vm-import-controller image. 1850425 - [v2v][VM import RHV to CNV] Add validation for network target type in network mapping 1850467 - [v2v] [api] VM import RHV to CNV invalid target network type should not crash the controller 1850482 - [v2v][VM import from RHV to CNV] 2 nics are mapped to a new network though second was mapped to pod. 1850937 - kubemacpool fails in a specific order of components startup 1851856 - Deployment not progressing due to PriorityClass missing 1851886 - [CNV][V2V] VMWare pod is failing when running wizard to migrate from RHV 1852446 - [v2v][RHV to CNV VM import] Windows10 VM import fail on: timezone is not UTC-compatible 1853028 - CNV must-gather failure on CNV-QE BM-RHCOS environment 1853133 - [CNV-2.4] Deployment fails on KubeVirtMetricsAggregationNotAvailable 1853373 - virtctl image-upload fails to upload an image if the dv name includes a "." 1854419 - [Re-brand] Align CSV 1854744 - To stabilize some tests I need to backport PRs which change production code 1855256 - [v2v][RHV to CNV VM import] Empty directories created for vm-import-operator/controller logs in cnv-must-gather 1856438 - [CNAO] Upgrade is not completed (wrong operatorVersion), CR is not updated. 1856447 - CNV upgrade - HCO fails to identify wrong observedVersion in CR, HCO is reported as READY 1856979 - Domain notify errors break VMI migrations and graceful shutdown 5. CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u6. For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u1. We recommend that you upgrade your bind9 packages. For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39 tMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF lOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR inKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s kUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp HokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV ssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF Rx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/ FK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o ye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp WIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs= =SqNI -----END PGP SIGNATURE----- |
| var-201911-1619 | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Both Microsoft Windows and Microsoft Windows Server are products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in Microsoft Windows and Windows Server due to the program's improper handling of objects in memory. An attacker could exploit this vulnerability by logging on to an affected system and running a specially crafted application to cause the targeted system to become unresponsive. The following products and versions are affected: Microsoft Windows 10, Windows 10 Version 1607, Windows 10 Version 1709, Windows 10 Version 1803, Windows 10 Version 1809, Windows 10 Version 1903, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server version 1803, Windows Server version 1903. Bug Fix(es): * Backport TCP follow-up for small buffers (BZ#1739184) * TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170) * RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548) * block: blk-mq improvement (BZ#1780567) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111) * blk-mq: overwirte performance drops on real MQ device (BZ#1782183) * RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705) 4. ========================================================================== Ubuntu Security Notice USN-4184-2 November 13, 2019 linux, linux-hwe, linux-oem-osp1 vulnerability and regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-hwe: Linux hardware enablement (HWE) kernel - linux-oem-osp1: Linux kernel for OEM processors Details: USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-36-generic 5.0.0-36.39 linux-image-5.0.0-36-generic-lpae 5.0.0-36.39 linux-image-5.0.0-36-lowlatency 5.0.0-36.39 linux-image-generic 5.0.0.36.38 linux-image-generic-lpae 5.0.0.36.38 linux-image-lowlatency 5.0.0.36.38 linux-image-virtual 5.0.0.36.38 Ubuntu 18.04 LTS: linux-image-5.0.0-1028-oem-osp1 5.0.0-1028.32 linux-image-5.0.0-36-generic 5.0.0-36.39~18.04.1 linux-image-5.0.0-36-generic-lpae 5.0.0-36.39~18.04.1 linux-image-5.0.0-36-lowlatency 5.0.0-36.39~18.04.1 linux-image-generic-hwe-18.04 5.0.0.36.94 linux-image-generic-lpae-hwe-18.04 5.0.0.36.94 linux-image-lowlatency-hwe-18.04 5.0.0.36.94 linux-image-oem-osp1 5.0.0.1028.32 linux-image-virtual-hwe-18.04 5.0.0.36.94 Please note that mitigating the TSX (CVE-2019-11135) and i915 (CVE-2019-0154) issues requires corresponding microcode and graphics firmware updates respectively. After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4184-2 https://usn.ubuntu.com/4184-1 CVE-2019-0155, https://bugs.launchpad.net/bugs/1851709, https://bugs.launchpad.net/bugs/1852141 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-36.39 https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-36.39~18.04.1 https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1028.32 . 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: redhat-release-virtualization-host and redhat-virtualization-host update Advisory ID: RHSA-2019:3860-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2019:3860 Issue date: 2019-11-12 CVE Names: CVE-2018-12207 CVE-2019-11135 ===================================================================== 1. Summary: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 RHEL 7-based RHEV-H for RHEV 4.2 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS - noarch, x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU) 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA) 6. Package List: Red Hat Virtualization 4.2 Hypervisor for RHEL 7.6 EUS: Source: redhat-release-virtualization-host-4.2-16.1.el7.src.rpm redhat-virtualization-host-4.2-20191107.0.el7_6.src.rpm noarch: redhat-virtualization-host-image-update-4.2-20191107.0.el7_6.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.2-16.1.el7.noarch.rpm x86_64: redhat-release-virtualization-host-4.2-16.1.el7.x86_64.rpm redhat-release-virtualization-host-content-4.2-16.1.el7.x86_64.rpm RHEL 7-based RHEV-H for RHEV 4.2 (build requirements): Source: redhat-release-virtualization-host-4.2-16.1.el7.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.2-16.1.el7.noarch.rpm x86_64: redhat-release-virtualization-host-4.2-16.1.el7.x86_64.rpm Red Hat Virtualization 4 Hypervisor for RHEL 7: Source: redhat-virtualization-host-4.3.6-20191108.0.el7_7.src.rpm noarch: redhat-virtualization-host-image-update-4.3.6-20191108.0.el7_7.noarch.rpm RHEL 7-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.3.6-5.el7ev.src.rpm redhat-virtualization-host-4.3.6-20191108.0.el7_7.src.rpm noarch: redhat-virtualization-host-image-update-4.3.6-20191108.0.el7_7.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.3.6-5.el7ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.3.6-5.el7ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXcsR2tzjgjWX9erEAQiAUA/9E2bx3AwclSdnlsmxzpAWVPiIsGROQ/7/ MIwr58ZcGsC+lXzV7nCo8maOmuDX8nBsJBgct5Jcnh+ZfNCFFDCvstDkLvBVwZsD VN0OIRlxkk7yPowfkrQo8N0wkEIwL+2WIBSdO0ubolhjiLSPxjwl6UvLwnemEHIo 1kfU7/RJD1V8K8jdF5TezPVNSYBOgBFR6kflt6TlSlO3rgQDs17qSrMIZ+PU0g9B lEkOwMSw9UPQsDhaamWD5oUdVy9BO1/CexnIK8dainxasj/D+j2S6X95vICx8nHi WCM90CvOmwLWalwrqAJdTxwlrgvbfBzSeF24Ry2L4oGODH2YFoBMYIZGDTa6op4/ EIotVNsTKKJTdawmGJ/ehIJ0lAbErFwhh126qmPBAi7PvAaVk+g+S7GFMU4XPl38 q08ZPN94dX1BOYRGxctYFgqHz32h11K1cHvSVBwm22XmnNAIZ8nYk4IShzIp3b8M yz2Sn8qXXyNGv2IVVuEK/PfdQAqtjp5576/zNhUC03Ntsx8nc5QqtdVUDJOPbOLN k2SVRUy0mR65vJb2qBGoGzGHsd2QAkJMaPfKFRikgnoEfI6C8yhaLby/mFQOmFtD OKzGxoVvzBTPTU6/9vCvv9xb280qhiDs0dSJwtICLkXaQ3M3/hJsu1XZp/T7tjp1 MW2wQ4SJYW4= =zKEr -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. In addition this update provides mitigations for the "TSX Asynchronous Abort" speculative side channel attack. For additional information please refer to https://xenbits.xen.org/xsa/advisory-305.html For the oldstable distribution (stretch), these problems have been fixed in version 4.8.5.final+shim4.10.4-1+deb9u12. Note that this will be the last security update for Xen in the oldstable distribution; upstream support for the 4.8.x branch ended by the end of December 2019. If you rely on security support for your Xen installation an update to the stable distribution (buster) is recommended. For the stable distribution (buster), these problems have been fixed in version 4.11.3+24-g14b62ab3e5-1~deb10u1. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl4c7kEACgkQEMKTtsN8 TjYTuQ//R8WXtoC9qnD7wrV1E9skzu0YgXXUJDgaY6V2cTxRZ9n+RC7szVBXqfjJ OzOhNDESTG1aeOg/vnwHgDLMigIe5HlNSYPMXFk9IqOtsRTaP+Ddp1e/msfudYqP rOiI+NzRk2MnFwT348SCuJK7tS/6coj2IECaYc+LOMp05eg+y4r+KLc6FFWm/UEB 9M0SQMv6vMHaSCqJ7OlzE9j1pta3qPHp6vDpDQC0ngjvTJI85Z6l1p2dJ600bcZR Am4nl/1va8Mxc6hFYQ0h8TV2leELsw3B4f5f4LPKh5U7ZiHM5DfWGZLKxf/SJRpf brt0wwYABM0qMqqelrEZOHWqdFg17ozYkNhuUYYLS3P/AWiOZURHq/xszsv98dGh EUzMPL/P0mHyxrOlG8BrhaZ0O2FfAABRdfNDEO4pDGQSFYYpniOW9a+6yZsmKJDg njryOlSwXa/yrqde5JSqDlJFtwnRZu5IhdeCERXfczpauBrqOzUCUX1n72JSrtlD TUeMMj3QBbuLtJhFbQZH+/dqbQlYKu0u7VPA5fP+7nxsG+9NqwRHv6J2lh0YKXYz ej2WFpM+oBpr12dtFx2buZVzZofHGZd5y1kjGq0yRwnBSrdSKYC5dhtX32weHfSL jnN2rWTafoKwSOJvvofoMjmjcYwTfBzorTO1EX01FPxZqy/nrsA=3Qmh -----END PGP SIGNATURE----- |
| var-201505-0337 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow. ICU4C library is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users. There is a security vulnerability in the 'resolveImplicitLevels' function in the common/ubidi.c file of the Unicode Bidirectional Algorithm implementation in the ICU4C version prior to ICU 55.1. The vulnerability stems from the fact that the program does not properly orientate and track isolated text fragments. ============================================================================ Ubuntu Security Notice USN-2605-1 May 11, 2015 icu vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: ICU could be made to crash or run programs as your login if it processed specially crafted data. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libicu52 52.1-8ubuntu0.1 Ubuntu 14.10: libicu52 52.1-6ubuntu0.3 Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.3 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3323-1 security@debian.org https://www.debian.org/security/ Laszlo Boszormenyi August 01, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icu CVE ID : CVE-2014-6585 CVE-2014-8146 CVE-2014-8147 CVE-2015-4760 Debian Bug : 778511 784773 Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2015-4760 The Layout Engine was missing multiple boundary checks. These could lead to buffer overflows and memory corruption. A specially crafted file could cause an application using ICU to parse untrusted font files to crash and, possibly, execute arbitrary code. Additionally, it was discovered that the patch applied to ICU in DSA-3187-1 for CVE-2014-6585 was incomplete, possibly leading to an invalid memory access. This could allow remote attackers to disclose portion of private memory via crafted font files. For the oldstable distribution (wheezy), these problems have been fixed in version 4.8.1.1-12+deb7u3. For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u2. For the testing distribution (stretch), these problems have been fixed in version 52.1-10. For the unstable distribution (sid), these problems have been fixed in version 52.1-10. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. CVE-ID CVE-2015-5916 AppleKeyStore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to reset failed passcode attempts with an iOS backup Description: An issue existed in resetting failed passcode attempts with a backup of the iOS device. This was addressed through improved passcode failure logic. CVE-ID CVE-2015-5850 : an anonymous researcher Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Clicking a malicious ITMS link may lead to a denial of service in an enterprise-signed application Description: An issue existed with installation through ITMS links. This was addressed through additional installation verification. CVE-ID CVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc. Audio Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132. CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may read cache data from Apple apps Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5898 : Andreas Kurtz of NESO Security Labs CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook CFNetwork FTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in FTP packet handling if clients were using an FTP proxy. CVE-ID CVE-2015-5912 : Amit Klein CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0. CoreAnimation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: Applications could access the screen framebuffer while they were in the background. This issue was addressed with improved access control on IOSurfaces. CVE-ID CVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li of School of Information Systems Singapore Management University, Feng Bao and Jianying Zhou of Cryptography and Security Department Institute for Infocomm Research CoreCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms. CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team Data Detectors Engine Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org) Dev Tools Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco Game Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser ICU Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2015-1205 IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5848 : Filippo Bigarella IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5867 : moony li of Trend Micro IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5844 : Filippo Bigarella CVE-2015-5845 : Filippo Bigarella CVE-2015-5846 : Filippo Bigarella IOMobileFrameBuffer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5843 : Filippo Bigarella IOStorageFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AppleID credentials may persist in the keychain after sign out Description: An issue existed in keychain deletion. This issue was addressed through improved account cleanup. CVE-ID CVE-2015-5832 : Kasif Dekel from Check Point Software Technologies JavaScriptCore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5791 : Apple CVE-2015-5793 : Apple CVE-2015-5814 : Apple CVE-2015-5816 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming- chieh Pan and Sung-ting Tsai; Jonathan Levin Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issues was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks. CVE-ID CVE-2015-5748 : Maxime Villard of m00nbsd libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker can send an email that appears to come from a contact in the recipient's address book Description: An issue existed in the handling of the sender's address. This issue was addressed through improved validation. CVE-ID CVE-2015-5857 : Emre Saglam of salesforce.com Multipeer Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem NetworkExtension Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd OpenSSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287 PluginKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application can install extensions before the application has been trusted Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification. CVE-ID CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc. removefile Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read Safari bookmarks on a locked iOS device without a passcode Description: Safari bookmark data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the Safari bookmark data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5903 : Jonathan Zdziarski Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Navigating to a malicious website with a malformed window opener may have allowed the display of arbitrary URLs. This issue was addressed through improved handling of window openers. CVE-ID CVE-2015-5905 : Keita Haga of keitahaga.com Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a. Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa Safari Safe Browsing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M of TagsDoc Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to intercept communication between apps Description: An issue existed that allowed a malicious app to intercept URL scheme communication between apps. This was mitigated by displaying a dialog when a URL scheme is used for the first time. CVE-ID CVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-5892 : Robert S Mozayeni, Joshua Donvito SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device can reply to an audio message from the lock screen when message previews from the lock screen are disabled Description: A lock screen issue allowed users to reply to audio messages when message previews were disabled. This issue was addressed through improved state management. CVE-ID CVE-2015-5861 : Daniel Miedema of Meridian Apps SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to spoof another application's dialog windows Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-ID CVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. Lui SQLite Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-5895 tidy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5792 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Andrei Neculaesei, Guillaume Ross WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType may learn the last character of a password in a filled-in web form Description: An issue existed in WebKit's handling of password input context. This issue was addressed through improved input context handling. CVE-ID CVE-2015-5906 : Louis Romero of Google Inc. WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to redirect to a malicious domain Description: An issue existed in the handling of resource caches on sites with invalid certificates. The issue was addressed by rejecting the application cache of domains with invalid certificates. CVE-ID CVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptor, Chris Evans WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An issue existed with Content-Disposition headers containing type attachment. This issue was addressed by disallowing some functionality for type attachment pages. CVE-ID CVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat Research Team, Daoyuan Wu of Singapore Management University, Rocky K. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz, superhei of www.knownsec.com WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A cross-origin issue existed with "canvas" element images in WebKit. This was addressed through improved tracking of security origins. CVE-ID CVE-2015-5788 : Apple WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU +bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG UYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2 3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM RgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28 Hk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+ 0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD WrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA aW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS 81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST yq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT rHWi1bvzskkrxRfuQ4mX =MnPh -----END PGP SIGNATURE----- . tl;dr heap and integer overflows in ICU, many packages affected, unknown if these can be exploited or not - everyone names vulns nowadays, so I name these I-C-U-FAIL. Hi, I have found two vulnerabilities in the ICU library while fuzzing LibreOffice, full details in the advisory below. Disclosure of these was done initially to LibreOffice and then to distro-security. I then reported it to Chromium, Android and finally CERT, so I ended up breaking the rules of distro-security which requires that any vulnerability reported to the list is made public in 14 days. I apologise for this to oss-security, distro-security and Solar Designer, and will not do it again. A full copy of the advisory below can be found in my repo at https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt. Regards, Pedro >> Heap overflow and integer overflow in ICU library >> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security ================================================================================= Disclosure: 04/05/2015 / Last updated: 04/05/2015 >> Background on the affected products: ICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. ICU is widely portable and gives applications the same results on all platforms and between C/C++ and Java software. This library is used by LibreOffice and hundreds of other software packages. Proof of concept files can be downloaded from [1]. These files have been tested with LibreOffice 4.3.3.2 and LibreOffice 4.4.0-beta2 and ICU 52. Note that at this point in time it is unknown whether these vulnerabilities are exploitable. Thanks to CERT [2] for helping disclose these vulnerabilities. >> Technical details: #1 Vulnerability: Heap overflow CVE-2014-8146 The code to blame is the following (from ubidi.c:2148 in ICU 52): dirProp=dirProps[limit-1]; if((dirProp==LRI || dirProp==RLI) && limit<pBiDi->length) { pBiDi->isolateCount++; pBiDi->isolates[pBiDi->isolateCount].stateImp=stateImp; pBiDi->isolates[pBiDi->isolateCount].state=levState.state; pBiDi->isolates[pBiDi->isolateCount].start1=start1; } else processPropertySeq(pBiDi, &levState, eor, limit, limit); Under certain conditions, isolateCount is incremented too many times, which results in several out of bounds writes. See [1] for a more detailed analysis. #2 Vulnerability: Integer overflow CVE-2014-8147 The overflow is on the resolveImplicitLevels function (ubidi.c:2248): pBiDi->isolates[pBiDi->isolateCount].state=levState.state; pBiDi->isolates[].state is a int16, while levState.state is a int32. The overflow causes an error when performing a malloc on pBiDi->insertPoints->points because insertPoints is adjacent in memory to isolates[]. The Isolate struct is defined in ubidiimp.h:184 typedef struct Isolate { int32_t startON; int32_t start1; int16_t stateImp; int16_t state; } Isolate; LevState is defined in ubidi.c:1748 typedef struct { const ImpTab * pImpTab; /* level table pointer */ const ImpAct * pImpAct; /* action map array */ int32_t startON; /* start of ON sequence */ int32_t startL2EN; /* start of level 2 sequence */ int32_t lastStrongRTL; /* index of last found R or AL */ int32_t state; /* current state */ int32_t runStart; /* start position of the run */ UBiDiLevel runLevel; /* run level before implicit solving */ } LevState; >> Fix: The ICU versions that are confirmed to be affected are 52 to 54, but earlier versions might also be affected. Upgrade to ICU 55.1 to fix these vulnerabilities. Note that there are probably many other software packages that embed the ICU code and will probably also need to be updated. >> References: [1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z [2] https://www.kb.cert.org/vuls/id/602540 . Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/icu < 55.1 >= 55.1 Description =========== Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All International Components for Unicode users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/icu-55.1" References ========== [ 1 ] CVE-2014-8146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8146 [ 2 ] CVE-2014-8147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8147 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201507-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 |
| var-201912-0533 | This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure. apple's iOS Exists in a fraudulent authentication vulnerability.Information may be tampered with. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Exchange ActiveSync is one of the Microsoft Exchange synchronization protocols. A security vulnerability exists in the Exchange ActiveSync component of Apple's iOS prior to 12.2. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-1 iOS 12.2 iOS 12.2 is now available and addresses the following: CFString Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. configd Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher CoreCrypto Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8512: an anonymous researcher, an anonymous researcher FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. CVE-2019-8550: Lauren Guzniczak of Keystone Academy Feedback Assistant Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs Feedback Assistant Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs file Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher GeoServices Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher iAP Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher IOKit SCSI Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted mail message may lead to S/MIME signature spoofing Description: This issue was addressed with improved checks. CVE-2019-7284: Damian Poddebniak of Münster University of Applied Sciences Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang Power Management Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) Privacy Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious app may be able to track users between installs Description: A privacy issue existed in motion sensor calibration. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the University of Cambridge, Ian Sheret of Polymath Insight Limited ReplayKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access the microphone without indication to the user Description: An API issue existed in the handling of microphone data. CVE-2019-8566: an anonymous researcher Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A website may be able to access sensor information without user consent Description: A permissions issue existed in the handling of motion and orientation data. CVE-2019-8554: an anonymous researcher Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6204: Ryan Pickren (ryanpickren.com) CVE-2019-8505: Ryan Pickren (ryanpickren.com) Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest TrueTypeScaler Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-8551: Ryan Pickren (ryanpickren.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6201: dwfault working with ADLab of Venustech CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8523: Apple CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A website may be able to access the microphone without the microphone use indicator being shown Description: A consistency issue was addressed with improved state handling. CVE-2019-6222: Denis Markov of Resonance Software WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8536: Apple CVE-2019-8544: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cross-origin issue existed with the fetch API. CVE-2019-8515: James Lee (@Windowsrcer) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-7285: dwfault working at ADLab of Venustech CVE-2019-8556: Apple WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8506: Samuel Groß of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-8503: Linus Särud of Detectify WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A validation issue was addressed with improved logic. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt XPC Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs Additional recognition Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Calendar We would like to acknowledge Peter Hempsall of 104days.com, Sascha Mogler of mogler.com, and an anonymous researcher for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Quick Look We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance. Screen Time We would like to acknowledge Brandon Moore (@Brandonsecurity) for their assistance. WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7opHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GIIBAA kEosQIr8/w6Qjtw2KzO753EFWM0kp4Ylv1Z0hlrAAX3YROpt18Xq+RWTgJ+3yhXu 136ZfBYEOJx+Jxv7nokB+ZvP1832WqccV1XU4XVxxsGvEshyFeXrIWxHz9a6aTi9 ozTTzJ5N9pZnd+ImJp51TQ8Q38KoqUPMU2stTr/SYE43S/9bz28fFTXHBS6WQBMz fgevfhMV0Ty3QnuIpLeeCZ1SwC51a0yZ/BV88E+G8xgplgh2R8Mc2bZosP8JIjMx 7KdtpBh30+BvB++MzteQG0gE+aIs6p4CLPgzkm67UZApbKIlYJxkZXv/pIy+DdS1 LGwBwZ5TRJ73uAGZO7jtpx6FNN3sSthI84y5x7df+hretVSFTqsEAErcI4Ns8HiD m3Jd3OJxMBEGC7SVz+r8IfkwnyQxurQMDj063ojsT6HBUOTZcYn6VX/h37MCwnO4 +GVFivjZklbp/lt7WiGs2j4mDs7jgt5SsNm0K3Nm/2EOT3I2HNc/8msJBbH/uF9h dVYsC8+7uEDqHIQ30FO2NCUzJrtjWHA1rxLS0XnY1uvv/09LjPMc/Y1VuIuvKSuZ Xv7+V5tCjaZRMow6IwH0qON30O0puRr6YnJchRO7TILCoW5bibzX5oxeJm2E6lsK SjGjz4yWGw+2VFkNkFbbA8OKSZYk4ck2WdWgf6s0Vgc= =VAWG -----END PGP SIGNATURE-----= |
| var-201908-0265 | Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates 1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation 1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 5. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/): JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1 6. The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead. For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u1. We recommend that you upgrade your trafficserver packages. For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8 TjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM msNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur wrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W JwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo h0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF SnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp a0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO 2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR XVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH SAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh 3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM -----END PGP SIGNATURE----- . Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11816 - Tracker bug for the RH-SSO 7.3.5 release for RHEL7 7. Each of these container images includes gRPC, which has been updated with the below fixes. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.z, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html 4. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: nodejs:10 security update Advisory ID: RHSA-2019:2925-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2925 Issue date: 2019-09-30 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 ===================================================================== 1. Summary: An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3). Security Fix(es): * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.src.rpm nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm aarch64: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.aarch64.rpm noarch: nodejs-docs-10.16.3-2.module+el8.0.0+4214+49953fda.noarch.rpm nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm ppc64le: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.ppc64le.rpm s390x: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.s390x.rpm x86_64: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-devel-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXZGtHtzjgjWX9erEAQiTyRAAor6sJh3gZ6PZ3xUQhSyFif5kUuLb9dOa gsUrFUW9QjnSD4OeWq0eOJ+W1VkY0WKU0p2KCt4f0R9Msi85EKRzjymM4iv8icMu COL40Wcyvpn2WsdzHrrCT0rM7jiry7YShv/KOlao2wUhkbzs5aHc9D8fBhUvkiCj bHQhrGY+63pnIe6LyCUJ9nEEGPCMaFdpzI+9hDvAevh2ooj6h0PISg/MOb5T7N2z d0RNhrmp5wJUJWbb2hrcnUrbu4CQjf5r44a4R1EdrAL8C+y2vgnVO+wb8RprnMrW 350YueLNrCSYgqeysfbcNG1ccP6iZ/YLCOIOwfb9138cDqelUooAdPKmAj6hY97O pRv1cfc4sBCu1MxhnUgRcY3idmD7qaSbY7lNize04z/HMNK5aq3Kgx5bN/q0OA+n FqWVVCckoFYIn6wWUv1CPlAskpjqns2DPoEd1AUeZH9Efg0JBgKGgQh64T6q20Ua Je5DSConOr149WxNARXWbVz7FhnI+wsDTQzWTk7XuXBfhvSHrfl9tqD444cNP1wm WAvONvS+nlxDOqk4Joo+ZOHA9Wjx/lxciQo6S8aYaQHnCBSUbXAvXjKy0VeoUUdz bD5zrdhbGiSxtR0WNKVP0KVb62P14HGGrceFQRIJPSiqkIrNBS7oeCLuOPpB1QSx J/w0T73QFqQ= =4d1d -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce |
| var-200103-0056 | Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. Multiple Cisco networking products contain a denial-of-service vulnerability. There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. The SEDUM web server permits intruders to access files outside the web root. Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the CRC32 compensation attack detection code may allow remote attackers to write values to arbitrary locations in memory. This would occur in situations where large SSH packets are recieved by either a client or server, and a 32 bit representation of the SSH packet length is assigned to a 16 bit integer. The difference in data representation in these situations will cause the 16 bit variable to be assigned to zero (or a really low value). As a result, future calls to malloc() as well as an index used to reference locations in memory can be corrupted by an attacker. This could occur in a manner that can be exploited to write certain numerical values to almost arbitrary locations in memory. **UPDATE**: There have been reports suggesting that exploitation of this vulnerability may be widespread. Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available. NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable. Secure Computing SafeWord Agent for SSH is reportedly prone to this issue, as it is based on a vulnerable version of SSH. ** NetScreen ScreenOS is not directly vulnerable to this issue, however the referenced exploit will cause devices using vulnerable versions of the software to stop functioning properly. This will result in a denial of service condition for NetScreen devices. This issue is in the Secure Command Shell (SCS) administrative interface, which is an implementation of SSHv1. SCS is not enabled on NetScreen devices by default. Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. As many of these devices are critical infrastructure components, more serious network outages may occur. Cisco has released upgrades that will eliminate this vulnerability. Using a command function such as WM_COPYDATA, it is possible for a message to be sent through the Net DDE Agent to a trusted share with a process associated with that share. Unfortunately NetDDE Agent runs in the LOCAL SYSTEM context, therefore a local user can specify arbitrary code to be run at SYSTEM privileges. An expired public key could cause GPG to fail the encryption of an outgoing message, without any error message or warning being delivered to the user. As a result, the user could transmit data, meant to be encrypted, as plaintext. TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to majordomo@iss.net Contact alert-owner@iss.net for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- ISS X-Force has received reports that some individuals were unable to verify the PGP signature on the Security Alert Summary distributed earlier in the week. Due to this issue, X-Force is re-distributing the Security Alert Summary. We apologize for any inconvience this may have caused. Internet Security Systems Security Alert Summary March 5, 2001 Volume 6 Number 4 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php This summary can be found at http://xforce.iss.net/alerts/vol-6_num-4.php _____ Contents 90 Reported Vulnerabilities Risk Factor Key _____ Date Reported: 2/27/01 Vulnerability: a1-server-dos Platforms Affected: A1 Server Risk Factor: Medium Attack Type: Network Based Brief Description: A1 Server denial of service X-Force URL: http://xforce.iss.net/static/6161.php _____ Date Reported: 2/27/01 Vulnerability: a1-server-directory-traversal Platforms Affected: A1 Server Risk Factor: Medium Attack Type: Network Based Brief Description: A1 Server directory traversal X-Force URL: http://xforce.iss.net/static/6162.php _____ Date Reported: 2/27/01 Vulnerability: webreflex-web-server-dos Platforms Affected: WebReflex Risk Factor: Medium Attack Type: Network Based Brief Description: WebReflex Web server denial of service X-Force URL: http://xforce.iss.net/static/6163.php _____ Date Reported: 2/26/01 Vulnerability: sudo-bo-elevate-privileges Platforms Affected: Sudo Risk Factor: Medium Attack Type: Host Based Brief Description: Sudo buffer overflow could allow elevated user privileges X-Force URL: http://xforce.iss.net/static/6153.php _____ Date Reported: 2/26/01 Vulnerability: mygetright-skin-overwrite-file Platforms Affected: My GetRight Risk Factor: High Attack Type: Network Based Brief Description: My GetRight 'skin' allows remote attacker to overwrite existing files X-Force URL: http://xforce.iss.net/static/6155.php _____ Date Reported: 2/26/01 Vulnerability: mygetright-directory-traversal Platforms Affected: My GetRight Risk Factor: Medium Attack Type: Network Based Brief Description: My GetRight directory traversal X-Force URL: http://xforce.iss.net/static/6156.php _____ Date Reported: 2/26/01 Vulnerability: win2k-event-viewer-bo Platforms Affected: Windows 2000 Risk Factor: once-only Attack Type: Host Based Brief Description: Windows 2000 event viewer buffer overflow X-Force URL: http://xforce.iss.net/static/6160.php _____ Date Reported: 2/26/01 Vulnerability: netscape-collabra-cpu-dos Platforms Affected: Netscape Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Collabra CPU denial of service X-Force URL: http://xforce.iss.net/static/6159.php _____ Date Reported: 2/26/01 Vulnerability: netscape-collabra-kernel-dos Platforms Affected: Netscape Risk Factor: Medium Attack Type: Network Based Brief Description: Netscape Collabra Server kernel denial of service X-Force URL: http://xforce.iss.net/static/6158.php _____ Date Reported: 2/23/01 Vulnerability: mercur-expn-bo Platforms Affected: MERCUR Risk Factor: High Attack Type: Network Based Brief Description: MERCUR Mailserver EXPN buffer overflow X-Force URL: http://xforce.iss.net/static/6149.php _____ Date Reported: 2/23/01 Vulnerability: sedum-http-dos Platforms Affected: SEDUM Risk Factor: Medium Attack Type: Network Based Brief Description: SEDUM HTTP server denial of service X-Force URL: http://xforce.iss.net/static/6152.php _____ Date Reported: 2/23/01 Vulnerability: tru64-inetd-dos Platforms Affected: Tru64 Risk Factor: Medium Attack Type: Host Based Brief Description: Tru64 UNIX inetd denial of service X-Force URL: http://xforce.iss.net/static/6157.php _____ Date Reported: 2/22/01 Vulnerability: outlook-vcard-bo Platforms Affected: Microsoft Outlook Risk Factor: High Attack Type: Host Based Brief Description: Outlook and Outlook Express vCards buffer overflow X-Force URL: http://xforce.iss.net/static/6145.php _____ Date Reported: 2/22/01 Vulnerability: ultimatebb-cookie-member-number Platforms Affected: Ultimate Bulletin Board Risk Factor: High Attack Type: Network Based Brief Description: Ultimate Bulletin Board cookie allows attacker to change member number X-Force URL: http://xforce.iss.net/static/6144.php _____ Date Reported: 2/21/01 Vulnerability: ultimatebb-cookie-gain-privileges Platforms Affected: Ultimate Bulletin Board Risk Factor: Medium Attack Type: Network Based Brief Description: Ultimate Bulletin Board allows remote attacker to obtain cookie information X-Force URL: http://xforce.iss.net/static/6142.php _____ Date Reported: 2/21/01 Vulnerability: sendmail-elevate-privileges Platforms Affected: Sendmail Risk Factor: High Attack Type: Host Based Brief Description: Sendmail -bt command could allow the elevation of privileges X-Force URL: http://xforce.iss.net/static/6147.php _____ Date Reported: 2/21/01 Vulnerability: jre-jdk-execute-commands Platforms Affected: JRE/JDK Risk Factor: High Attack Type: Host Based Brief Description: JRE/JDK could allow unauthorized execution of commands X-Force URL: http://xforce.iss.net/static/6143.php _____ Date Reported: 2/20/01 Vulnerability: licq-remote-port-dos Platforms Affected: LICQ Risk Factor: Medium Attack Type: Network Based Brief Description: LICQ remote denial of service X-Force URL: http://xforce.iss.net/static/6134.php _____ Date Reported: 2/20/01 Vulnerability: pgp4pine-expired-keys Platforms Affected: pgp4pine Risk Factor: Medium Attack Type: Host Based Brief Description: pgp4pine may transmit messages using expired public keys X-Force URL: http://xforce.iss.net/static/6135.php _____ Date Reported: 2/20/01 Vulnerability: chilisoft-asp-view-files Platforms Affected: Chili!Soft ASP Risk Factor: High Attack Type: Network Based Brief Description: Chili!Soft ASP allows remote attackers to gain access to sensitive information X-Force URL: http://xforce.iss.net/static/6137.php _____ Date Reported: 2/20/01 Vulnerability: win2k-domain-controller-dos Platforms Affected: Windows 2000 Risk Factor: once-only Attack Type: Network/Host Based Brief Description: Windows 2000 domain controller denial of service X-Force URL: http://xforce.iss.net/static/6136.php _____ Date Reported: 2/19/01 Vulnerability: asx-remote-dos Platforms Affected: ASX Switches Risk Factor: Medium Attack Type: Network Based Brief Description: ASX switches allow remote denial of service X-Force URL: http://xforce.iss.net/static/6133.php _____ Date Reported: 2/18/01 Vulnerability: http-cgi-mailnews-username Platforms Affected: Mailnews.cgi Risk Factor: High Attack Type: Network Based Brief Description: Mailnews.cgi allows remote attacker to execute shell commands using username X-Force URL: http://xforce.iss.net/static/6139.php _____ Date Reported: 2/17/01 Vulnerability: badblue-ext-reveal-path Platforms Affected: BadBlue Risk Factor: Low Attack Type: Network Based Brief Description: BadBlue ext.dll library reveals path X-Force URL: http://xforce.iss.net/static/6130.php _____ Date Reported: 2/17/01 Vulnerability: badblue-ext-dos Platforms Affected: BadBlue Risk Factor: Medium Attack Type: Network Based Brief Description: BadBlue ext.dll library denial of service X-Force URL: http://xforce.iss.net/static/6131.php _____ Date Reported: 2/17/01 Vulnerability: moby-netsuite-bo Platforms Affected: Moby's NetSuite Risk Factor: Medium Attack Type: Network Based Brief Description: Moby's NetSuite Web server buffer overflow X-Force URL: http://xforce.iss.net/static/6132.php _____ Date Reported: 2/16/01 Vulnerability: webactive-directory-traversal Platforms Affected: WEBactive Risk Factor: Medium Attack Type: Network/Host Based Brief Description: WEBactive HTTP Server directory traversal X-Force URL: http://xforce.iss.net/static/6121.php _____ Date Reported: 2/16/01 Vulnerability: esone-cgi-directory-traversal Platforms Affected: ES.One store.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: Thinking Arts ES.One store.cgi directory traversal X-Force URL: http://xforce.iss.net/static/6124.php _____ Date Reported: 2/16/01 Vulnerability: vshell-username-bo Platforms Affected: VShell Risk Factor: High Attack Type: Network Based Brief Description: VShell username buffer overflow X-Force URL: http://xforce.iss.net/static/6146.php _____ Date Reported: 2/16/01 Vulnerability: vshell-port-forwarding-rule Platforms Affected: VShell Risk Factor: Medium Attack Type: Network/Host Based Brief Description: VShell uses weak port forwarding rule X-Force URL: http://xforce.iss.net/static/6148.php _____ Date Reported: 2/15/01 Vulnerability: pi3web-isapi-bo Platforms Affected: Pi3Web Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Pi3Web ISAPI tstisapi.dll denial of service X-Force URL: http://xforce.iss.net/static/6113.php _____ Date Reported: 2/15/01 Vulnerability: pi3web-reveal-path Platforms Affected: Pi3Web Risk Factor: Low Attack Type: Network Based Brief Description: Pi3Web reveals physical path of server X-Force URL: http://xforce.iss.net/static/6114.php _____ Date Reported: 2/15/01 Vulnerability: bajie-execute-shell Platforms Affected: Bajie HTTP JServer Risk Factor: High Attack Type: Network Based Brief Description: Bajie HTTP JServer execute shell commands X-Force URL: http://xforce.iss.net/static/6117.php _____ Date Reported: 2/15/01 Vulnerability: bajie-directory-traversal Platforms Affected: Bajie HTTP JServer Risk Factor: High Attack Type: Network Based Brief Description: Bajie HTTP JServer directory traversal X-Force URL: http://xforce.iss.net/static/6115.php _____ Date Reported: 2/15/01 Vulnerability: resin-directory-traversal Platforms Affected: Resin Risk Factor: Medium Attack Type: Network Based Brief Description: Resin Web server directory traversal X-Force URL: http://xforce.iss.net/static/6118.php _____ Date Reported: 2/15/01 Vulnerability: netware-mitm-recover-passwords Platforms Affected: Netware Risk Factor: Low Attack Type: Network Based Brief Description: Netware "man in the middle" attack password recovery X-Force URL: http://xforce.iss.net/static/6116.php _____ Date Reported: 2/14/01 Vulnerability: firebox-pptp-dos Platforms Affected: WatchGuard Firebox II Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard Firebox II PPTP denial of service X-Force URL: http://xforce.iss.net/static/6109.php _____ Date Reported: 2/14/01 Vulnerability: hp-virtualvault-iws-dos Platforms Affected: HP VirtualVault Risk Factor: Medium Attack Type: Network/Host Based Brief Description: HP VirtualVault iPlanet Web Server denial of service X-Force URL: http://xforce.iss.net/static/6110.php _____ Date Reported: 2/14/01 Vulnerability: kicq-execute-commands Platforms Affected: KICQ Risk Factor: High Attack Type: Network Based Brief Description: kicq could allow remote execution of commands X-Force URL: http://xforce.iss.net/static/6112.php _____ Date Reported: 2/14/01 Vulnerability: hp-text-editor-bo Platforms Affected: HPUX Risk Factor: Medium Attack Type: Host Based Brief Description: HP Text editors buffer overflow X-Force URL: http://xforce.iss.net/static/6111.php _____ Date Reported: 2/13/01 Vulnerability: sendtemp-pl-read-files Platforms Affected: sendtemp.pl Risk Factor: Medium Attack Type: Network/Host Based Brief Description: sendtemp.pl could allow an attacker to read files on the server X-Force URL: http://xforce.iss.net/static/6104.php _____ Date Reported: 2/13/01 Vulnerability: analog-alias-bo Platforms Affected: Analog ALIAS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Analog ALIAS command buffer overflow X-Force URL: http://xforce.iss.net/static/6105.php _____ Date Reported: 2/13/01 Vulnerability: elm-long-string-bo Platforms Affected: Elm Risk Factor: Medium Attack Type: Host Based Brief Description: ELM -f command long string buffer overflow X-Force URL: http://xforce.iss.net/static/6151.php _____ Date Reported: 2/13/01 Vulnerability: winnt-pptp-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network Based Brief Description: Windows NT PPTP denial of service X-Force URL: http://xforce.iss.net/static/6103.php _____ Date Reported: 2/12/01 Vulnerability: startinnfeed-format-string Platforms Affected: Inn Risk Factor: High Attack Type: Host Based Brief Description: Inn 'startinnfeed' binary format string attack X-Force URL: http://xforce.iss.net/static/6099.php _____ Date Reported: 2/12/01 Vulnerability: his-auktion-cgi-url Platforms Affected: HIS Auktion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: HIS Auktion CGI script could allow attackers to view unauthorized files or execute commands X-Force URL: http://xforce.iss.net/static/6090.php _____ Date Reported: 2/12/01 Vulnerability: wayboard-cgi-view-files Platforms Affected: Way-BOARD Risk Factor: Medium Attack Type: Network Based Brief Description: Way-BOARD CGI could allow attackers to view unauthorized files X-Force URL: http://xforce.iss.net/static/6091.php _____ Date Reported: 2/12/01 Vulnerability: muskat-empower-url-dir Platforms Affected: Musket Empower Risk Factor: Low Attack Type: Network/Host Based Brief Description: Musket Empower could allow attackers to gain access to the DB directory path X-Force URL: http://xforce.iss.net/static/6093.php _____ Date Reported: 2/12/01 Vulnerability: icq-icu-rtf-dos Platforms Affected: LICQ Gnome ICU Risk Factor: Low Attack Type: Network/Host Based Brief Description: LICQ and Gnome ICU rtf file denial of service X-Force URL: http://xforce.iss.net/static/6096.php _____ Date Reported: 2/12/01 Vulnerability: commerce-cgi-view-files Platforms Affected: Commerce.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: Commerce.cgi could allow attackers to view unauthorized files X-Force URL: http://xforce.iss.net/static/6095.php _____ Date Reported: 2/12/01 Vulnerability: roads-search-view-files Platforms Affected: ROADS Risk Factor: Medium Attack Type: Network Based Brief Description: ROADS could allow attackers to view unauthorized files using search.pl program X-Force URL: http://xforce.iss.net/static/6097.php _____ Date Reported: 2/12/01 Vulnerability: webpage-cgi-view-info Platforms Affected: WebPage.cgi Risk Factor: Low Attack Type: Network Based Brief Description: WebPage.cgi allows attackers to view sensitive information X-Force URL: http://xforce.iss.net/static/6100.php _____ Date Reported: 2/12/01 Vulnerability: webspirs-cgi-view-files Platforms Affected: WebSPIRS Risk Factor: Medium Attack Type: Network Based Brief Description: WebSPIRS CGI could allow an attacker to view unauthorized files X-Force URL: http://xforce.iss.net/static/6101.php _____ Date Reported: 2/12/01 Vulnerability: webpals-library-cgi-url Platforms Affected: WebPALS Risk Factor: Medium Attack Type: Network Based Brief Description: WebPALS Library System CGI script could allow attackers to view unauthorized files or execute commands X-Force URL: http://xforce.iss.net/static/6102.php _____ Date Reported: 2/11/01 Vulnerability: cobol-apptrack-nolicense-permissions Platforms Affected: MicroFocus Cobol Risk Factor: High Attack Type: Host Based Brief Description: MicroFocus Cobol with AppTrack enabled with nolicense permissions X-Force URL: http://xforce.iss.net/static/6092.php _____ Date Reported: 2/11/01 Vulnerability: cobol-apptrack-nolicense-symlink Platforms Affected: MicroFocus Cobol Risk Factor: High Attack Type: Host Based Brief Description: MicroFocus Cobol with AppTrack enabled allows symlink in nolicense X-Force URL: http://xforce.iss.net/static/6094.php _____ Date Reported: 2/10/01 Vulnerability: vixie-crontab-bo Platforms Affected: Vixie crontab Risk Factor: Medium Attack Type: Host Based Brief Description: Vixie crontab buffer overflow X-Force URL: http://xforce.iss.net/static/6098.php _____ Date Reported: 2/10/01 Vulnerability: novell-groupwise-bypass-policies Platforms Affected: Novell GroupWise Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Novell Groupwise allows user to bypass policies and view files X-Force URL: http://xforce.iss.net/static/6089.php _____ Date Reported: 2/9/01 Vulnerability: infobot-calc-gain-access Platforms Affected: Infobot Risk Factor: High Attack Type: Network Based Brief Description: Infobot 'calc' command allows remote users to gain access X-Force URL: http://xforce.iss.net/static/6078.php _____ Date Reported: 2/8/01 Vulnerability: linux-sysctl-read-memory Platforms Affected: Linux Risk Factor: Medium Attack Type: Host Based Brief Description: Linux kernel sysctl() read memory X-Force URL: http://xforce.iss.net/static/6079.php _____ Date Reported: 2/8/01 Vulnerability: openssh-bypass-authentication Platforms Affected: OpenSSH Risk Factor: High Attack Type: Network/Host Based Brief Description: OpenSSH 2.3.1 allows remote users to bypass authentication X-Force URL: http://xforce.iss.net/static/6084.php _____ Date Reported: 2/8/01 Vulnerability: lotus-notes-stored-forms Platforms Affected: Lotus Notes Risk Factor: High Attack Type: Network/Host Based Brief Description: Lotus Notes stored forms X-Force URL: http://xforce.iss.net/static/6087.php _____ Date Reported: 2/8/01 Vulnerability: linux-ptrace-modify-process Platforms Affected: Linux Risk Factor: High Attack Type: Host Based Brief Description: Linux kernel ptrace modify process X-Force URL: http://xforce.iss.net/static/6080.php _____ Date Reported: 2/8/01 Vulnerability: ssh-deattack-overwrite-memory Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH protocol 1.5 deattack.c allows memory to be overwritten X-Force URL: http://xforce.iss.net/static/6083.php _____ Date Reported: 2/7/01 Vulnerability: dc20ctrl-port-bo Platforms Affected: FreeBSD Risk Factor: Medium Attack Type: Host Based Brief Description: FreeBSD dc20ctrl port buffer overflow X-Force URL: http://xforce.iss.net/static/6077.php _____ Date Reported: 2/7/01 Vulnerability: ja-xklock-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: ja-xklock buffer overflow X-Force URL: http://xforce.iss.net/static/6073.php _____ Date Reported: 2/7/01 Vulnerability: ja-elvis-elvrec-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: FreeBSD ja-elvis port buffer overflow X-Force URL: http://xforce.iss.net/static/6074.php _____ Date Reported: 2/7/01 Vulnerability: ko-helvis-elvrec-bo Platforms Affected: FreeBSD Risk Factor: High Attack Type: Host Based Brief Description: FreeBSD ko-helvis port buffer overflow X-Force URL: http://xforce.iss.net/static/6075.php _____ Date Reported: 2/7/01 Vulnerability: serverworx-directory-traversal Platforms Affected: ServerWorx Risk Factor: Medium Attack Type: Network Based Brief Description: ServerWorx directory traversal X-Force URL: http://xforce.iss.net/static/6081.php _____ Date Reported: 2/7/01 Vulnerability: ntlm-ssp-elevate-privileges Platforms Affected: NTLM Risk Factor: High Attack Type: Host Based Brief Description: NTLM Security Support Provider could allow elevation of privileges X-Force URL: http://xforce.iss.net/static/6076.php _____ Date Reported: 2/7/01 Vulnerability: ssh-session-key-recovery Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH protocol 1.5 session key recovery X-Force URL: http://xforce.iss.net/static/6082.php _____ Date Reported: 2/6/01 Vulnerability: aolserver-directory-traversal Platforms Affected: AOLserver Risk Factor: Medium Attack Type: Network Based Brief Description: AOLserver directory traversal X-Force URL: http://xforce.iss.net/static/6069.php _____ Date Reported: 2/6/01 Vulnerability: chilisoft-asp-elevate-privileges Platforms Affected: Chili!Soft Risk Factor: High Attack Type: Network/Host Based Brief Description: Chili!Soft ASP could allow elevated privileges X-Force URL: http://xforce.iss.net/static/6072.php _____ Date Reported: 2/6/01 Vulnerability: win-udp-dos Platforms Affected: Windows Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows UDP socket denial of service X-Force URL: http://xforce.iss.net/static/6070.php _____ Date Reported: 2/5/01 Vulnerability: ssh-daemon-failed-login Platforms Affected: SSH Risk Factor: High Attack Type: Network/Host Based Brief Description: SSH daemon failed login attempts are not logged X-Force URL: http://xforce.iss.net/static/6071.php _____ Date Reported: 2/5/01 Vulnerability: picserver-directory-traversal Platforms Affected: PicServer Risk Factor: Medium Attack Type: Network Based Brief Description: PicServer directory traversal X-Force URL: http://xforce.iss.net/static/6065.php _____ Date Reported: 2/5/01 Vulnerability: biblioweb-directory-traversal Platforms Affected: BiblioWeb Risk Factor: Medium Attack Type: Network Based Brief Description: BiblioWeb Server directory traversal X-Force URL: http://xforce.iss.net/static/6066.php _____ Date Reported: 2/5/01 Vulnerability: biblioweb-get-dos Platforms Affected: BiblioWeb Risk Factor: Low Attack Type: Network Based Brief Description: BiblioWeb Server GET request denial of service X-Force URL: http://xforce.iss.net/static/6068.php _____ Date Reported: 2/5/01 Vulnerability: ibm-netcommerce-reveal-information Platforms Affected: IBM Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM Net.Commerce could reveal sensitive information X-Force URL: http://xforce.iss.net/static/6067.php _____ Date Reported: 2/5/01 Vulnerability: win-dde-elevate-privileges Platforms Affected: Windows DDE Risk Factor: High Attack Type: Host Based Brief Description: Windows DDE can allow the elevation of privileges X-Force URL: http://xforce.iss.net/static/6062.php _____ Date Reported: 2/4/01 Vulnerability: hsweb-directory-browsing Platforms Affected: HSWeb Risk Factor: Low Attack Type: Network Based Brief Description: HSWeb Web Server allows attacker to browse directories X-Force URL: http://xforce.iss.net/static/6061.php _____ Date Reported: 2/4/01 Vulnerability: sedum-directory-traversal Platforms Affected: SEDUM Risk Factor: Medium Attack Type: Network Based Brief Description: SEDUM HTTP Server directory traversal X-Force URL: http://xforce.iss.net/static/6063.php _____ Date Reported: 2/4/01 Vulnerability: free-java-directory-traversal Platforms Affected: Free Java Risk Factor: Medium Attack Type: Network Based Brief Description: Free Java Web Server directory traversal X-Force URL: http://xforce.iss.net/static/6064.php _____ Date Reported: 2/2/01 Vulnerability: goahead-directory-traversal Platforms Affected: GoAhead Risk Factor: High Attack Type: Network Based Brief Description: GoAhead Web Server directory traversal X-Force URL: http://xforce.iss.net/static/6046.php _____ Date Reported: 2/2/01 Vulnerability: gnuserv-tcp-cookie-overflow Platforms Affected: Gnuserv Risk Factor: High Attack Type: Network/Host Based Brief Description: Gnuserv TCP enabled cookie buffer overflow X-Force URL: http://xforce.iss.net/static/6056.php _____ Date Reported: 2/2/01 Vulnerability: xmail-ctrlserver-bo Platforms Affected: Xmail CTRLServer Risk Factor: High Attack Type: Network Based Brief Description: XMail CTRLServer buffer overflow X-Force URL: http://xforce.iss.net/static/6060.php _____ Date Reported: 2/2/01 Vulnerability: netscape-webpublisher-acl-permissions Platforms Affected: Netscape Web Publisher Risk Factor: Medium Attack Type: Network Based Brief Description: Netcape Web Publisher poor ACL permissions X-Force URL: http://xforce.iss.net/static/6058.php _____ Date Reported: 2/1/01 Vulnerability: cups-httpgets-dos Platforms Affected: CUPS Risk Factor: High Attack Type: Host Based Brief Description: CUPS httpGets() function denial of service X-Force URL: http://xforce.iss.net/static/6043.php _____ Date Reported: 2/1/01 Vulnerability: prospero-get-pin Platforms Affected: Prospero Risk Factor: High Attack Type: Network/Host Based Brief Description: Prospero GET request reveals PIN information X-Force URL: http://xforce.iss.net/static/6044.php _____ Date Reported: 2/1/01 Vulnerability: prospero-weak-permissions Platforms Affected: Prospero Risk Factor: High Attack Type: Network/Host Based Brief Description: Prospero uses weak permissions X-Force URL: http://xforce.iss.net/static/6045.php _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. ________ ISS is a leading global provider of security management solutions for e-business. By offering best-of-breed SAFEsuite(tm) security software, comprehensive ePatrol(tm) monitoring services and industry-leading expertise, ISS serves as its customers' trusted security provider protecting digital assets and ensuring the availability, confidentiality and integrity of computer systems and information critical to e-business success. ISS' security management solutions protect more than 5,000 customers including 21 of the 25 largest U.S. commercial banks, 9 of the 10 largest telecommunications companies and over 35 government agencies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe and Latin America. For more information, visit the ISS Web site at www.iss.net or call 800-776-2362. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOqb8ojRfJiV99eG9AQGEaAP+KH+SQYNBsbUcv/mUJNUz7dDPIYVcmPNV 1xyO/ctnG6qScWnlXGltYS7Rj8T8tYAAZC77oDhFSvvs8CX1Dr32ImEyvOIJhMLA h0wKCV3HOAYJ662BASe3jbO3nL/bumNKCRL5heuIU85pQOuH9xbqXkmFEimDmG2B tT+ylKw4hn4= =kfHg -----END PGP SIGNATURE----- |
| var-202109-1368 | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. APPLE-SA-2021-07-21-7 Safari 14.1.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7 iOS 14.7 and iPadOS 14.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212601. iOS 14.7 released July 19, 2021; iPadOS 14.7 released July 21, 2021 ActionKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A shortcut may be able to bypass Internet permission requirements Description: An input validation issue was addressed with improved input validation. CVE-2021-30763: Zachary Keffaber (@QuickUpdate5) Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30748: George Nosenko CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab CoreGraphics Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30786: ryuzaki CoreText Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University CVMS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications dyld Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de) Find My Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to access Find My data Description: A permissions issue was addressed with improved validation. CVE-2021-30804: Csaba Fitzl (@theevilbit) of Offensive Security FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative Identity Service Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2021-30773: Linus Henze (pinauten.de) Image Processing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30802: Matthew Denton of Google Chrome Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2021-30769: Linus Henze (pinauten.de) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A logic issue was addressed with improved validation. CVE-2021-30770: Linus Henze (pinauten.de) libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-3518 Measure Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Multiple issues in libwebp Description: Multiple issues were addressed by updating to version 1.2.0. CVE-2018-25010 CVE-2018-25011 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved validation. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative TCC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30758: Christoph Guttandin of Media Codings WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30795: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: This issue was addressed with improved checks. CVE-2021-30797: Ivan Fratric of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30800: vm_call, Nozhdar Abdulkhaleq Shukri Additional recognition Assets We would like to acknowledge Cees Elzinga for their assistance. CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Safari We would like to acknowledge an anonymous researcher for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "14.7" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6 jjB5LBAAkEy25fNpo8rg42bsyJwWsSQQxPN79JFxQ6L8tqdsM+MZk86dUKtsRQ47 mxarMf4uBwiIOtrGSCGHLIxXAzLqPY47NDhO+ls0dVxGMETkoR/287AeLnw2ITh3 DM0H/pco4hRhPh8neYTMjNPMAgkepx+r7IqbaHWapn42nRC4/2VkEtVGltVDLs3L K0UQP0cjy2w9KvRF33H3uKNCaCTJrVkDBLKWC7rPPpomwp3bfmbQHjs0ixV5Y8l5 3MfNmCuhIt34zAjVELvbE/PUXgkmsECbXHNZOct7ZLAbceneVKtSmynDtoEN0ajM JiJ6j+FCtdfB3xHk3cHqB6sQZm7fDxdK3z91MZvSZwwmdhJeHD/TxcItRlHNOYA1 FSi0Q954DpIqz3Fs4DGE7Vwz0g5+o5qup8cnw9oLXBdqZwWANuLsQlHlioPbcDhl r1DmwtghmDYFUeSMnzHu/iuRepEju+BRMS3ybCm5j+I3kyvAV8pyvqNNRLfJn+w+ Wl/lwXTtXbgsNPR7WJCBJffxB0gOGZaIG1blSGCY89t2if0vD95R5sRsrnaxuqWc qmtRdBfbmjxk/G+6t1sd4wFglTNovHiLIHXh17cwdIWMB35yFs7VA35833/rF4Oo jOF1D12o58uAewxAsK+cTixe7I9U5Awkad2Jz19V3qHnRWGqtVg\x8e1h -----END PGP SIGNATURE----- . CVE-2021-30786: ryuzaki CoreServices Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2021-30766: Liu Long of Ant Security Light-Year Lab CVE-2021-30765: Liu Long of Ant Security Light-Year Lab IOKit Available for: macOS Big Sur Impact: A local attacker may be able to execute code on the Apple T2 Security Chip Description: Multiple issues were addressed with improved logic. CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab Kext Management Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed with improved entitlements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary: An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3 05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7 sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7 tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5 QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX 2rgR2Ny0wo4=gfrM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Alternatively, on your watch, select "My Watch > General > About". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Background ========= WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4 Description ========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========= There is no known workaround at this time. Resolution ========= All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4" References ========= [ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202202-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4945-1 security@debian.org https://www.debian.org/security/ Alberto Garcia July 28, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-21775 Marcin Towalski discovered that a specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. CVE-2021-21779 Marcin Towalski discovered that a specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30720 David Schutz discovered that a malicious website may be able to access restricted ports on arbitrary servers. For the stable distribution (buster), these problems have been fixed in version 2.32.3-1~deb10u1. We recommend that you upgrade your webkit2gtk packages |
| var-200609-1249 | The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues |
| var-201904-1344 | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A buffer error vulnerability exists in the WebKit component of several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4" References ========== [ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-1 iOS 11.4.1 iOS 11.4.1 is now available and addresses the following: CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher Emoji Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing an emoji under certain configurations may lead to a denial of service Description: A denial of service issue was addressed with improved memory handling. CVE-2018-4290: Patrick Wardle of Digita Security Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2018-4282: Proteas of Qihoo 360 Nirvan Team libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate audio data cross-origin Description: Sound fetched through audio elements may be exfiltrated cross-origin. CVE-2018-4278: Jun Kokatsu (@shhnjk) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A race condition was addressed with additional validation. CVE-2018-4266: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4274: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4270: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4284: Found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4271: found by OSS-Fuzz CVE-2018-4273: found by OSS-Fuzz WebKit Page Loading Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com) Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 11.4.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFEpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCaYqQ/+ LoOw2Hgwr9l7EplQS1O9t9ssVvjaQ25JhxeAkEHhrrLTTpEHNOYhBgPj3XV3DkNT QR1XDKykgVXq1jAMqy2CzpVvb0bWrhAZte7lwLwTKiSdzWzY99LspMtck0uZXg5y qoePuHIifMF5oMzRsLq2IDKj7sDJ3mEOjOGizfJ5BRdFOZPKmuTLK/LnafzoqlOY XAYMj3puFWnlMs1ewTTbup5Oh0totisA7WlpDleG+a/IborfXe89nvUIAEyPH3UF jbPXGlIrB+aofMmoxgbJ7YDXm+7RZbRShrqS3IIwbuVWlWxi8M6AYvlFCAxKc3In R3Bum13NIR8ZTfLARmrRos54kzmygazCHK0yIkeKvJW3uSFIOUbBtkKQ8EpE8og9 KzNvxyMd5Le6kCJe8JECl6jrfnY7QrYBIPxowXymfcRyYpnpIidYHUPlej8OZYnT fH8lWsE09CikZjBLyKmM6NJ4Y24CAmILyJWTmrM+pM9jLN9InWxTr0raY+MiULnI MZgqDuP+wMKfcGGngOkDnmm84w4RSnwK7bRgVtCWV99rnqZvzDgoYhJXDyXXuPqL P0HN+TKdCJ7e+C4boqDup2Ojz7YhFXfCwkJ1fHLD+L+Aj46eLbuu9936vGgvAzQI 7aT98URG/GMffZ3Y53yDJZxHDTnFQ5/tOlNBv8LKJDA= =mzJ2 -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About". ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 ------------------------------------------------------------------------ Date reported : August 07, 2018 Advisory ID : WSA-2018-0006 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0006.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0006.html CVE identifiers : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4246 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.1. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4261 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Omair working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4262 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Mateusz Krzywicki working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4263 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4264 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light- Year Security Lab. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4265 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to cc working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4266 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. CVE-2018-4267 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz of Pangu team working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4270 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4271 Versions affected: WebKitGTK+ before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4272 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4273 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4278 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Jun Kokatsu (@shhnjk). A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. CVE-2018-4284 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-12911 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Yu Haiwan. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, August 07, 2018 . CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com) Installation note: Safari 11.1.2 may be obtained from the Mac App Store |
| var-202108-2039 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. apple's iPadOS Cross-site scripting vulnerabilities exist in products from multiple vendors.Information may be obtained and information may be tampered with. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. AppKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2021-30873: Thijs Alkemade of Computest AppleScript Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30876: Jeremy Brown, hjy79425575 CVE-2021-30879: Jeremy Brown, hjy79425575 CVE-2021-30877: Jeremy Brown CVE-2021-30880: Jeremy Brown Audio Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to elevate privileges Description: An integer overflow was addressed through improved input validation. CVE-2021-30907: Zweig of Kunlun Lab Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America ColorSync Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero Continuity Camera Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30903: an anonymous researcher CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30919 FileProvider Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: An input validation issue was addressed with improved memory handling. CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360 Game Center Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to access information about a user's contacts Description: A logic issue was addressed with improved restrictions. CVE-2021-30895: Denis Tokarev Game Center Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to read user's gameplay data Description: A logic issue was addressed with improved restrictions. CVE-2021-30896: Denis Tokarev iCloud Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30906: Cees Elzinga Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of RET2 Systems, Inc. IOGraphics Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications IOMobileFrameBuffer Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30883: an anonymous researcher Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30886: @0xalsr Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30909: Zweig of Kunlun Lab Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab LaunchServices Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point Login Window Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS Description: This issue was addressed with improved checks. CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt of Informatique-MTF S.A., an anonymous researcher Model I/O Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Sandbox Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to read sensitive information Description: A permissions issue was addressed with improved validation. CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security SMB Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs SoftwareUpdate Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may gain access to a user's Keychain items Description: The issue was addressed with improved permissions logic. CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab SoftwareUpdate Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An unprivileged application may be able to edit NVRAM variables Description: The issue was addressed with improved permissions logic. CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab UIKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A person with physical access to an iOS device may be determine characteristics of a user's password in a secure text entry field Description: A logic issue was addressed with improved state management. CVE-2021-30915: Kostas Angelopoulos WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. CVE-2021-30823: David Gullasch of Recurity Labs WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy Description: A logic issue was addressed with improved restrictions. CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd. WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior Description: An information leakage issue was addressed. CVE-2021-30888: Prakash (@1lastBr3ath) WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren (ryanpickren.com) WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30890: an anonymous researcher Windows Server Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2021-30908: ASentientBot xar Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files Description: This issue was addressed with improved checks. CVE-2021-30833: Richard Warren of NCC Group zsh Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30892: Jonathan Bar Or of Microsoft Additional recognition APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance. App Support We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录 for their assistance. Bluetooth We would like to acknowledge say2 of ENKI for their assistance. CUPS We would like to acknowledge an anonymous researcher for their assistance. iCloud We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance. Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Mail We would like to acknowledge Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences for their assistance. Managed Configuration We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for their assistance. smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. WebKit We would like to acknowledge Ivan Fratric of Google Project Zero, Pavel Gromadchuk, an anonymous researcher for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hpwACgkQeC9qKD1p rhhm0Q//fIQiOk2S9w2qirXapPqEpyI9LNJnGX/RCrsZGN/iFkgvt27/RYLhHHQk efqxE6nnXdUaj9HoIIHiG4rKxIhfkscw1dF9igvmYm6j+V2KMiRxp1Pev1zMzsBI N6F7mJ4SiATHDTJATU8uCqIqHRQsvcIrHCjovblqGfuZxzvsjkvtRc0eXC0XAARf xW0WRNbTBoCOEsMp92hNI45B/oK05b1aHm2pY529gE6GRBBl0ymVo30fQ7vmIoJY Uajc6pDNeJ1MhSpo0k+Z+eVodSdBN2EutKZfU5+4t2GzqeW5nLZFa/oqXObXBhXk i8bptOhceBu6qD9poSgkS5EdH4OdRQMcMjsQLIRJj3N/MwZBhGvsLQDlyGmtd+VG a0s+pna/WoFwzw800CYRarmL0rRsZ4zZza0iuKArhrLlQCw+ee6XNL+1U50zvMaW oT3gNkf3faCqQDxecIcQTj7xwt2tHV87p7uqELiuUZaCk5UoQBsWxGeGebFGxUq5 pJVQvnr4RVrDkpOQjbKj8w9mWoSZcvKlhRNL9J5kW75zd32vwnaVMlVkIG8vfvoK sgq/VfKrOW+EV1IMAh4iuaMiLAPjwBzMiRfjvRZFeJmTaMaTOxDKHwkG5YwPNp5W 0FlhV1S2pAmGlQZgvTxkBthtU9A9giuH+oHSGJDjr70Q7de8lJ4= =3Pcg -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4 Description ========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========= There is no known workaround at this time. Resolution ========= All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4" References ========= [ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202202-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 ===================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: webkit2gtk3-2.34.6-1.el8.src.rpm aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. For the oldstable distribution (buster), these problems have been fixed in version 2.34.3-1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 2.34.3-1~deb11u1. We recommend that you upgrade your webkit2gtk packages |
| var-201006-1259 | Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within how the application duplicates event listeners in .svg documents. Upon creating an AnimateTransform object, the library will create a timer to handle the transformation and duplicate the object's event listener into Webkit's "shadow tree" of the image. Upon destruction of the shadow tree and the original tree, the application will destroy the Element containing the event listener twice. This can lead to code execution under the context of the application. An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-100 June 8, 2010 -- CVE ID: CVE-2010-1402 -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9873. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4196 -- Disclosure Timeline: 2010-02-18 - Vulnerability reported to vendor 2010-06-08 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * wushi of team509 -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi |
| var-201707-0592 | Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. Heimdal is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Heimdal is a Kerberos 5 implementation. A data forgery issue vulnerability exists in Heimdal versions prior to 7.4. =========================================================================== Ubuntu Security Notice USN-3353-3 July 24, 2017 heimdal vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Heimdal could allow unintended access to network services. Software description heimdal - Heimdal Kerberos Network Authentication Protocol Details USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding updade for Ubuntu 12.04 ESM. Original advisory details: Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libkrb5-26-heimdal 1.6~git20120311.dfsg.1-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applications using Heimdal libraries to make all the necessary changes. References https://www.ubuntu.com/usn/usn-3353-3 https://www.ubuntu.com/usn/usn-3353-1 CVE-2017-11103 . CVE-2017-7074: Daniel Jalkut of Red Sweater Software Captive Network Assistant Available for: OS X Lion v10.8 and later Impact: A local user may unknowingly send a password unencrypted over the network Description: The security state of the captive portal browser was not obvious. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Entry added September 25, 2017 Additional recognition Security We would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance. Webkit We would like to acknowledge xisigr of Tencent's Xuanwu Lab (tencent.com) for their assistance. CVE-2016-736 CVE-2016-2161 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 CVE-2017-9789 APFS Available for: macOS High Sierra 10.13 Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation. CVE-2017-1000101: Brian Carpenter, Yongji Ouyang Dictionary Widget Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Searching pasted text in the Dictionary widget may lead to compromise of user information Description: A validation issue existed which allowed local file access. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Wi-Fi Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11 iOS 11 addresses the following: 802.1X Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in TLS 1.0 Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2. CVE-2017-13832: an anonymous researcher Entry added October 31, 2017 Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to access restricted files Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2017-7131: Dominik Conrads of Federal Office for Information Security, an anonymous researcher, Elvis (@elvisimprsntr), an anonymous researcher CFNetwork Proxies Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7083: Abhinav Bansal of Zscaler Inc. CFString Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13821: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017 CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4. CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-13825: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017 Exchange ActiveSync Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to erase a device during Exchange account setup Description: A validation issue existed in AutoDiscover V1. This was addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is now supported. CVE-2017-7088: Ilya Nesterov, Maxim Goncharov file Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Multiple issues in file Description: Multiple issues were addressed by updating to version 5.31. CVE-2017-13815 Entry added October 31, 2017 Fonts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13828: an anonymous researcher Entry added October 31, 2017 Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to impersonate a service Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation. CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams HFS Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum Entry added October 31, 2017 iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7072: JAdrzej Krysztofiak ImageIO Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-13814: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017 ImageIO Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to a denial of service Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-2017-13831: an anonymous researcher Entry added October 31, 2017 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7114: Alex Plaskett of MWR InfoSecurity Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13817: Maxime Villard (m00nbsd) Entry added October 31, 2017 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13818: The UK's National Cyber Security Centre (NCSC) CVE-2017-13836: an anonymous researcher, an anonymous researcher CVE-2017-13841: an anonymous researcher CVE-2017-13840: an anonymous researcher CVE-2017-13842: an anonymous researcher CVE-2017-13782: Kevin Backhouse of Semmle Ltd. Entry added October 31, 2017 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13843: an anonymous researcher Entry added October 31, 2017 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a malformed mach binary may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved validation. CVE-2017-13834: Maxime Villard (m00nbsd) Entry added October 31, 2017 Keyboard Suggestions Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Keyboard autocorrect suggestions may reveal sensitive information Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics. CVE-2017-7140: an anonymous researcher libarchive Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-13813: found by OSS-Fuzz CVE-2017-13816: found by OSS-Fuzz Entry added October 31, 2017 libarchive Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation. CVE-2017-13812: found by OSS-Fuzz Entry added October 31, 2017 libc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause a denial-of-service Description: A resource exhaustion issue in glob() was addressed through an improved algorithm. CVE-2017-7086: Russ Cox of Google libc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-1000373 libexpat Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1 CVE-2016-9063 CVE-2017-9233 Location Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read sensitive location information Description: A permissions issue existed in the handling of the location variable. This was addressed with additional ownership checks. CVE-2017-7148: an anonymous researcher, an anonymous researcher Mail Drafts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted. CVE-2017-7078: an anonymous researcher, an anonymous researcher, an anonymous researcher Mail MessageUI Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to a denial of service Description: A memory corruption issue was addressed with improved validation. CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to a denial of service Description: A denial of service issue was addressed through improved validation. CVE-2017-7118: Kiki Jiang and Jason Tokoph MobileBackup Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Backup may perform an unencrypted backup despite a requirement to perform only encrypted backups Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2017-7133: Don Sparks of HackediOS.com Phone Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A screenshot of secure content may be taken when locking an iOS device Description: A timing issue existed in the handling of locking. This issue was addressed by disabling screenshots while locking. CVE-2017-7139: an anonymous researcher Quick Look Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13822: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017 Quick Look Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-7132: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017 Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation. CVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of BA|rum kommune Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious app may be able to track users between installs Description: A permission checking issue existed in the handling of an app's Keychain data. This issue was addressed with improved permission checking. CVE-2017-7146: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating to version 3.19.3. CVE-2017-10989: found by OSS-Fuzz CVE-2017-7128: found by OSS-Fuzz CVE-2017-7129: found by OSS-Fuzz CVE-2017-7130: found by OSS-Fuzz SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7127: an anonymous researcher Time Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: "Setting Time Zone" may incorrectly indicate that it is using location Description: A permissions issue existed in the process that handles time zone information. The issue was resolved by modifying permissions. CVE-2017-7145: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7081: Apple WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7087: Apple CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2017-7096: Wei Yuan of Baidu Security Lab CVE-2017-7098: Felipe Freitas of Instituto TecnolA3gico de AeronA!utica CVE-2017-7099: Apple CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53 CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7104: likemeng of Baidu Secutity Lab CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative CVE-2017-7117: lokihardt of Google Project Zero CVE-2017-7120: chenqin (ee|) of Ant-financial Light-Year Security Lab WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. CVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies belonging to one origin may be sent to another origin Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. CVE-2017-7090: Apple WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: Application Cache policy may be unexpectedly applied. CVE-2017-7109: avlidienbrunn WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2017-7144: an anonymous researcher Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-11120: Gal Beniamini of Google Project Zero CVE-2017-11121: Gal Beniamini of Google Project Zero Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7103: Gal Beniamini of Google Project Zero CVE-2017-7105: Gal Beniamini of Google Project Zero CVE-2017-7108: Gal Beniamini of Google Project Zero CVE-2017-7110: Gal Beniamini of Google Project Zero CVE-2017-7112: Gal Beniamini of Google Project Zero Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: Multiple race conditions were addressed through improved validation. CVE-2017-7115: Gal Beniamini of Google Project Zero Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7116: Gal Beniamini of Google Project Zero zlib Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Multiple issues in zlib Description: Multiple issues were addressed by updating to version 1.2.11. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u8QpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEb3gRAA mkMtw5g6ZpDFNK4MpKwfTbwIK7rNjxEh2VGvv+1VNTJJRewGiXcbl/cf5EefPJFR RpH+8u2jjl7rgEDwRPLYY4EixRTwvOVs46MS5lzkNKjwaIhBswH6ubFIkw2MRgn9 zBbAmixTDb2HVaG2vMtmDm1PmXMq7QMau4W+G0m40bwiNBAyrqcttiiJ1NxdZsBl LouPNKhaOCLPuDeHG6oJmPRcZCyIvNpXJGE9UA/LMKL5yPbZQpqJvYBznof/SVXq QxvLw1D60Ki+2L2ItXEVAaAfkKh50+cn34m7rhb4ZIv3/hE86BpoFRGaAhni+QGJ ugJ2FYciTPnbLttpZlBYfj29BMqqkYQ1HJ+xEQf3krKiQmGKWcRV4858h2GZRGkW wwd9l1Ym4vDTNK+0yVnN58XTyOjJh/dH8t+Bzp63OUFTLiab6/3kfccozlobbivF pZWt6fFqbn/e6Re62Xj0VfxlST5TjGqxZq0qgNJiWG9s5z0To3YcDXhJSsTyjtIj cLM13UTPFAPj+ReTaA0wczvjoq4J6EyVD2bDOHv/iKY+7xOO9+5vTYGD3nhKjdAo GFBCbpCtBrrrlAd6TtW1D15QBJ+/e/5uJYd9r2BIR/w3l5I7IAnNHtYV9zu/wvuM odr7Q4DNa5UQq0VMLbsd2avIoYX+xxKQg4WUv8BbkZI= =NYhG -----END PGP SIGNATURE----- |
| var-201109-0190 | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. libxml2 Is XPath There is a flaw in memory double release due to incomplete processing.Service disruption by a third party (DoS) May result in a condition or other unclear effects. Google Chrome is a web browser developed by Google (Google). ========================================================================== Ubuntu Security Notice USN-1334-1 January 19, 2012 libxml2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. (CVE-2011-3919) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.1 Ubuntu 11.04: libxml2 2.7.8.dfsg-2ubuntu0.2 Ubuntu 10.10: libxml2 2.7.7.dfsg-4ubuntu0.3 Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.3 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.7 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002 OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses the following: Login Window Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3 Impact: Remote admins and persons with physical access to the system may obtain account information Description: An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. The sensitive information may persist in saved logs after installation of this update. See http://support.apple.com/kb/TS4272 for more information on how to securely remove any remaining records. This issue only affects systems running OS X Lion v10.7.3 with users of Legacy File Vault and/or networked home directories. CVE-ID CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State University, Markus 'Jaroneko' Raty of the Finnish Academy of Fine Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State University, Paul Nelson Bluetooth Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: A local user may be able to execute arbitrary code with system privileges Description: A temporary file race condition issue existed in blued's initialization routine. CVE-ID CVE-2012-0649 : Aaron Sigel of vtty.com curl Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. CVE-ID CVE-2011-3389 : Apple curl Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Using curl or libcurl with a maliciously crafted URL may lead to protocol-specific data injection attacks Description: A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2012-0036 Directory Service Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: A remote attacker may obtain sensitive information Description: Multiple issues existed in the directory server's handling of messages from the network. By sending a maliciously crafted message, a remote attacker could cause the directory server to disclose memory from its address space, potentially revealing account credentials or other sensitive information. This issue does not affect OS X Lion systems. The Directory Server is disabled by default in non-server installations of OS X. CVE-ID CVE-2012-0651 : Agustin Azubel HFS Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Mounting a maliciously crafted disk image may lead to a system shutdown or arbitrary code execution Description: An integer underflow existed in the handling of HFS catalog files. CVE-ID CVE-2012-0642 : pod2g ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: Multiple vulnerabilities in libpng Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to information disclosure. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2692 CVE-2011-3328 ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 Kernel Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: When FileVault is used, the disk may contain unencrypted user data Description: An issue in the kernel's handling of the sleep image used for hibernation left some data unencrypted on disk even when FileVault was enabled. This issue is addressed through improved handling of the sleep image, and by overwriting the existing sleep image when updating to OS X v10.7.4. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3212 : Felix Groebert of Google Security Team libarchive Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in the handling of tar archives and iso9660 files. CVE-ID CVE-2011-1777 CVE-2011-1778 libsecurity Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Verifying a maliciously crafted X.509 certificate, such as when visiting a maliciously crafted website, may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of X.509 certificates. CVE-ID CVE-2012-0654 : Dirk-Willem van Gulik of WebWeaving.org, Guilherme Prado of Conselho da Justica Federal, Ryan Sleevi of Google libsecurity Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Support for X.509 certificates with insecure-length RSA keys may expose users to spoofing and information disclosure Description: Certificates signed using RSA keys with insecure key lengths were accepted by libsecurity. This issue is addressed by rejecting certificates containing RSA keys less than 1024 bits. CVE-ID CVE-2012-0655 libxml Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues are addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla LoginUIFramework Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: If the Guest user is enabled, a user with physical access to the computer may be able to log in to a user other than the Guest user without entering a password Description: A race condition existed in the handling of Guest user logins. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2012-0656 : Francisco Gomez (espectalll123) PHP Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Multiple vulnerabilities in PHP Description: PHP is updated to version 5.3.10 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-4566 CVE-2011-4885 CVE-2012-0830 Quartz Composer Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: A user with physical access to the computer may be able to cause Safari to launch if the screen is locked and the RSS Visualizer screen saver is used Description: An access control issue existed in Quartz Composer's handling of screen savers. This issue is addressed through improved checking for whether or not the screen is locked. CVE-ID CVE-2012-0657 : Aaron Sigel of vtty.com QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of audio sample tables. CVE-ID CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of MPEG files. CVE-ID CVE-2012-0659 : An anonymous researcher working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution Description: A buffer underflow existed in the handling of MPEG files. CVE-ID CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability Research QuickTime Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of JPEG2000 encoded movie files. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Multiple vulnerabilities in Ruby Description: Ruby is updated to 1.8.7-p357 to address multiple vulnerabilities. CVE-ID CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 Samba Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If SMB file sharing is enabled, an unauthenticated remote attacker may cause a denial of service or arbitrary code execution with system privileges Description: Multiple buffer overflows existed in Samba's handling of remote procedure calls. By sending a maliciously crafted packet, an unauthenticated remote attacker could cause a denial of service or arbitrary code execution with system privileges. These issues do not affect OS X Lion systems. CVE-ID CVE-2012-0870 : Andy Davis of NGS Secure CVE-2012-1182 : An anonymous researcher working with HP's Zero Day Initiative Security Framework Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework. Processing untrusted input with the Security framework could result in memory corruption. This issue does not affect 32-bit processes. CVE-ID CVE-2012-0662 : aazubel working with HP's Zero Day Initiative Time Machine Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: A remote attacker may access a user's Time Machine backup credentials Description: The user may designate a Time Capsule or remote AFP volume attached to an AirPort Base Station to be used for Time Machine backups. Beginning with AirPort Base Station and Time Capsule Firmware Update 7.6, Time Capsules and Base Stations support a secure SRP-based authentication mechanism over AFP. However, Time Machine did not require that the SRP-based authentication mechanism was used for subsequent backup operations, even if Time Machine was initially configured or had ever contacted a Time Capsule or Base Station that supported it. An attacker who is able to spoof the remote volume could gain access to user's Time Capsule credentials, although not backup data, sent by the user's system. This issue is addressed by requiring use of the SRP-based authentication mechanism if the backup destination has ever supported it. CVE-ID CVE-2012-0675 : Renaud Deraison of Tenable Network Security, Inc. X11 Available for: OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3 Impact: Applications that use libXfont to process LZW-compressed data may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libXfont's handling of LZW-compressed data. This issue is addressed by updating libXfont to version 1.4.4. CVE-ID CVE-2011-2895 : Tomas Hoger of Red Hat Note: Additionally, this update filters dynamic linker environment variables from a customized environment property list in the user's home directory, if present. OS X Lion v10.7.4 and Security Update 2012-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2012-002 or OS X v10.7.4. For OS X Lion v10.7.3 The download file is named: MacOSXUpd10.7.4.dmg Its SHA-1 digest is: 04c53a6148ebd8c5733459620b7c1e2172352d36 For OS X Lion v10.7 and v10.7.2 The download file is named: MacOSXUpdCombo10.7.4.dmg Its SHA-1 digest is: b11d511a50d9b728532688768fcdee9c1930037f For OS X Lion Server v10.7.3 The download file is named: MacOSXServerUpd10.7.4.dmg Its SHA-1 digest is: 3cb5699c8ecf7d70145f3692555557f7206618b2 For OS X Lion Server v10.7 and v10.7.2 The download file is named: MacOSXServerUpdCombo10.7.4.dmg Its SHA-1 digest is: 917207e922056718b9924ef73caa5fcac06b7240 For Mac OS X v10.6.8 The download file is named: SecUpd2012-002Snow.dmg Its SHA-1 digest is: 9669fbd9952419e70ac20109cf4db37f9932e9f8 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-002.dmg Its SHA-1 digest is: 34da2dcbc8d45362f1d5e3b1b218112a729ae1c3 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPqtkzAAoJEGnF2JsdZQeee2MIAKAcBIY6k0LU2fDLThFoAgKh WkYpGmCwa7L6n02geHzWrUCK/P/0yGWzDDqLfKlKuKbXdEIRP2wZTlvrqZHLzNO/ nXgz3HN1Xbll8yVXrGMEsoTD23Q+2/ZKLGMlSDw3vgBTVi/g4Rcer4Eew5mTkaoA j4WkrzgVUIxCMrsWMMwu1SVaizBuTYbNVzCzV3JPF1H0zVtVKgwWjhTdOJ/RDksD sjZG1XIEqVyv1rNk5BtjxVPFaJGpf9mcHiH8XyKQ0bC6ToM2r3B++Layoc5k1K0V OxKGSfWOEbWi/KR6vlXyVbe7JnU7a/V0C25HXhnoMEtoTCleZACEByLVtBC87LU= =6Eiz -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03360041 Version: 1 HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-06-26 Last Updated: 2012-06-26 Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here: HP System Management Homepage for Windows x64 [Download here] or enter the following URL into the browser address window. http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken HP System Management Homepage for Windows x86 [Download here] or enter the following URL into the browser address window. http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken HP System Management Homepage for Linux (AMD64/EM64T) [Download here] or enter the following URL into the browser address window. http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken HP System Management Homepage for Linux (x86) [Download here] or enter the following URL into the browser address window. http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken HISTORY Version:1 (rev.1) 26 June 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. CVE-2011-2821: A memory corruption (double free) bug has been identified in libxml2's XPath engine. This vulnerability does not affect the oldstable distribution (lenny). For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny5. For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze2. For the testing distribution (wheezy), this problem has been fixed in version 2.7.8.dfsg-7. For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-7. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc. CVE-ID CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". 5 client) - i386, x86_64 3. (CVE-2011-3905) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. The desktop must be restarted (log out, then log back in) for this update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mingw32-libxml2 security update Advisory ID: RHSA-2013:0217-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html Issue date: 2013-01-31 CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134 ===================================================================== 1. Summary: Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 665963 - CVE-2010-4494 libxml2: double-free in XPath processing code 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS 822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2010-4494.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2821.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3102.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://www.redhat.com/security/data/cve/CVE-2012-0841.html https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRCujqXlSAg2UNWIIRAq0HAJ41YXDqlCpJkg97YuQmaF2MqKDIpACgn5j7 sLTqWGtUMTYIUvLH8YXGFX4= =rOjB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce |
| var-200803-0016 | CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. An attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15884 VERIFY ADVISORY: http://secunia.com/advisories/15884/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/ DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- |
| var-201912-1850 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple watchOS prior to 6.1; Safari prior to 13.0.3; iOS prior to 13.2; iPadOS prior to 13.2; tvOS prior to 13.2; Windows-based iCloud prior to 11.0; Windows-based iTunes 12.10 .2 version; versions prior to iCloud 7.15 based on the Windows platform. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902). Solution: Download the release images via: quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3 4. Bugs fixed (https://bugzilla.redhat.com/): 1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display 5. JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version 6. This advisory provides the following updates among others: * Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-29-4 watchOS 6.1 watchOS 6.1 is now available and addresses the following: Accounts Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt App Store Available for: Apple Watch Series 1 and later Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu) AppleFirmwareUpdateKext Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure Contacts Available for: Apple Watch Series 1 and later Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com) File System Events Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8750: found by OSS-Fuzz VoiceOver Available for: Apple Watch Series 1 and later Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen Description: The issue was addressed by restricting options offered on a locked device. CVE-2019-8743: zhunki from Codesafe Team of Legendsec at Qi'anxin Group CVE-2019-8765: Samuel Groß of Google Project Zero CVE-2019-8766: found by OSS-Fuzz CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8820: Samuel Groß of Google Project Zero Additional recognition boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum for their assistance. CFNetwork We would like to acknowledge Lily Chen of Google for their assistance. Kernel We would like to acknowledge Jann Horn of Google Project Zero for their assistance. Safari We would like to acknowledge Ron Summers for their assistance. WebKit We would like to acknowledge Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2022:0055 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * grafana: Snapshot authentication bypass (CVE-2021-39226) * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) * nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673) * grafana: directory traversal vulnerability (CVE-2021-43813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64 The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror` 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform 1976894 - Unidling a StatefulSet does not work as expected 1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases 1977414 - Build Config timed out waiting for condition 400: Bad Request 1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus 1978528 - systemd-coredump started and failed intermittently for unknown reasons 1978581 - machine-config-operator: remove runlevel from mco namespace 1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable 1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9 1979966 - OCP builds always fail when run on RHEL7 nodes 1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading 1981549 - Machine-config daemon does not recover from broken Proxy configuration 1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel] 1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues 1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page 1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands 1982662 - Workloads - DaemonSets - Add storage: i18n misses 1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "*/secrets/encryption-config" on single node clusters 1983758 - upgrades are failing on disruptive tests 1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma" 1984592 - global pull secret not working in OCP4.7.4+ for additional private registries 1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs 1985486 - Cluster Proxy not used during installation on OSP with Kuryr 1985724 - VM Details Page missing translations 1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted 1985933 - Downstream image registry recommendation 1985965 - oVirt CSI driver does not report volume stats 1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding" 1986237 - "MachineNotYetDeleted" in Pending state , alert not fired 1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid" 1986302 - console continues to fetch prometheus alert and silences for normal user 1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI 1986338 - error creating list of resources in Import YAML 1986502 - yaml multi file dnd duplicates previous dragged files 1986819 - fix string typos for hot-plug disks 1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure 1987136 - Declare operatorframework.io/arch.* labels for all operators 1987257 - Go-http-client user-agent being used for oc adm mirror requests 1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold 1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP 1988406 - SSH key dropped when selecting "Customize virtual machine" in UI 1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade 1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs 1989438 - expected replicas is wrong 1989502 - Developer Catalog is disappearing after short time 1989843 - 'More' and 'Show Less' functions are not translated on several page 1990014 - oc debug <pod-name> does not work for Windows pods 1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created 1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page 1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar 1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI 1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks 1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var 1990625 - Ironic agent registers with SLAAC address with privacy-stable 1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time 1991067 - github.com can not be resolved inside pods where cluster is running on openstack. 1991573 - Enable typescript strictNullCheck on network-policies files 1991641 - Baremetal Cluster Operator still Available After Delete Provisioning 1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator 1991819 - Misspelled word "ocurred" in oc inspect cmd 1991942 - Alignment and spacing fixes 1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked 1992453 - The configMap failed to save on VM environment tab 1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab 1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab 1992509 - Could not customize boot source due to source PVC not found 1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1992580 - storageProfile should stay with the same value by check/uncheck the apply button 1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply 1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios 1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed) 1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing 1994094 - Some hardcodes are detected at the code level in OpenShift console components 1994142 - Missing required cloud config fields for IBM Cloud 1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools 1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart 1995335 - [SCALE] ovnkube CNI: remove ovs flows check 1995493 - Add Secret to workload button and Actions button are not aligned on secret details page 1995531 - Create RDO-based Ironic image to be promoted to OKD 1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator 1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread 1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole 1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN 1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down 1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page 1996647 - Provide more useful degraded message in auth operator on DNS errors 1996736 - Large number of 501 lr-policies in INCI2 env 1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes 1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP 1996928 - Enable default operator indexes on ARM 1997028 - prometheus-operator update removes env var support for thanos-sidecar 1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used 1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. 1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI 1997269 - Have to refresh console to install kube-descheduler 1997478 - Storage operator is not available after reboot cluster instances 1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 1997967 - storageClass is not reserved from default wizard to customize wizard 1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order 1998038 - [e2e][automation] add tests for UI for VM disk hot-plug 1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus 1998174 - Create storageclass gp3-csi after install ocp cluster on aws 1998183 - "r: Bad Gateway" info is improper 1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected 1998377 - Filesystem table head is not full displayed in disk tab 1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory 1998519 - Add fstype when create localvolumeset instance on web console 1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses 1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page 1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable 1999091 - Console update toast notification can appear multiple times 1999133 - removing and recreating static pod manifest leaves pod in error state 1999246 - .indexignore is not ingore when oc command load dc configuration 1999250 - ArgoCD in GitOps operator can't manage namespaces 1999255 - ovnkube-node always crashes out the first time it starts 1999261 - ovnkube-node log spam (and security token leak?) 1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page 1999314 - console-operator is slow to mark Degraded as False once console starts working 1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck) 1999556 - "master" pool should be updated before the CVO reports available at the new version occurred 1999578 - AWS EFS CSI tests are constantly failing 1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages 1999619 - cloudinit is malformatted if a user sets a password during VM creation flow 1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow 1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined 1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub) 1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource 1999771 - revert "force cert rotation every couple days for development" in 4.10 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. 1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions 1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form 1999983 - No way to clear upload error from template boot source 2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter 2000096 - Git URL is not re-validated on edit build-config form reload 2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig 2000236 - Confusing usage message from dynkeepalived CLI 2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported 2000430 - bump cluster-api-provider-ovirt version in installer 2000450 - 4.10: Enable static PV multi-az test 2000490 - All critical alerts shipped by CMO should have links to a runbook 2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded) 2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster 2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled 2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console 2000754 - IPerf2 tests should be lower 2000846 - Structure logs in the entire codebase of Local Storage Operator 2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24 2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2000938 - CVO does not respect changes to a Deployment strategy 2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy 2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone 2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole 2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error 2001337 - Details Card in ODF Dashboard mentions OCS 2001339 - fix text content hotplug 2001413 - [e2e][automation] add/delete nic and disk to template 2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log 2001442 - Empty termination.log file for the kube-apiserver has too permissive mode 2001479 - IBM Cloud DNS unable to create/update records 2001566 - Enable alerts for prometheus operator in UWM 2001575 - Clicking on the perspective switcher shows a white page with loader 2001577 - Quick search placeholder is not displayed properly when the search string is removed 2001578 - [e2e][automation] add tests for vm dashboard tab 2001605 - PVs remain in Released state for a long time after the claim is deleted 2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options 2001620 - Cluster becomes degraded if it can't talk to Manila 2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF 2001761 - Unable to apply cluster operator storage for SNO on GCP platform. 2001765 - Some error message in the log of diskmaker-manager caused confusion 2001784 - show loading page before final results instead of showing a transient message No log files exist 2001804 - Reload feature on Environment section in Build Config form does not work properly 2001810 - cluster admin unable to view BuildConfigs in all namespaces 2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well 2001823 - OCM controller must update operator status 2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start 2001835 - Could not select image tag version when create app from dev console 2001855 - Add capacity is disabled for ocs-storagecluster 2001856 - Repeating event: MissingVersion no image found for operand pod 2001959 - Side nav list borders don't extend to edges of container 2002007 - Layout issue on "Something went wrong" page 2002010 - ovn-kube may never attempt to retry a pod creation 2002012 - Cannot change volume mode when cloning a VM from a template 2002027 - Two instances of Dotnet helm chart show as one in topology 2002075 - opm render does not automatically pulling in the image(s) used in the deployments 2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster 2002125 - Network policy details page heading should be updated to Network Policy details 2002133 - [e2e][automation] add support/virtualization and improve deleteResource 2002134 - [e2e][automation] add test to verify vm details tab 2002215 - Multipath day1 not working on s390x 2002238 - Image stream tag is not persisted when switching from yaml to form editor 2002262 - [vSphere] Incorrect user agent in vCenter sessions list 2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector 2002276 - OLM fails to upgrade operators immediately 2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods 2002354 - Missing DU configuration "Done" status reporting during ZTP flow 2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs 2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation 2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN 2002397 - Resources search is inconsistent 2002434 - CRI-O leaks some children PIDs 2002443 - Getting undefined error on create local volume set page 2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy 2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods. 2002559 - User preference for topology list view does not follow when a new namespace is created 2002567 - Upstream SR-IOV worker doc has broken links 2002588 - Change text to be sentence case to align with PF 2002657 - ovn-kube egress IP monitoring is using a random port over the node network 2002713 - CNO: OVN logs should have millisecond resolution 2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event 2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite 2002763 - Two storage systems getting created with external mode RHCS 2002808 - KCM does not use web identity credentials 2002834 - Cluster-version operator does not remove unrecognized volume mounts 2002896 - Incorrect result return when user filter data by name on search page 2002950 - Why spec.containers.command is not created with "oc create deploymentconfig <dc-name> --image=<image> -- <command>" 2003096 - [e2e][automation] check bootsource URL is displaying on review step 2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role 2003120 - CI: Uncaught error with ResizeObserver on operand details page 2003145 - Duplicate operand tab titles causes "two children with the same key" warning 2003164 - OLM, fatal error: concurrent map writes 2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form 2003193 - Kubelet/crio leaks netns and veth ports in the host 2003195 - OVN CNI should ensure host veths are removed 2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images 2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI 2003244 - Revert libovsdb client code 2003251 - Patternfly components with list element has list item bullet when they should not. 2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI 2003269 - Rejected pods should be filtered from admission regression 2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release 2003426 - [e2e][automation] add test for vm details bootorder 2003496 - [e2e][automation] add test for vm resources requirment settings 2003641 - All metal ipi jobs are failing in 4.10 2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state 2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node 2003683 - Samples operator is panicking in CI 2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page 2003715 - Error on creating local volume set after selection of the volume mode 2003743 - Remove workaround keeping /boot RW for kdump support 2003775 - etcd pod on CrashLoopBackOff after master replacement procedure 2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver 2003792 - Monitoring metrics query graph flyover panel is useless 2003808 - Add Sprint 207 translations 2003845 - Project admin cannot access image vulnerabilities view 2003859 - sdn emits events with garbage messages 2003896 - (release-4.10) ApiRequestCounts conditional gatherer 2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas 2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes 2004059 - [e2e][automation] fix current tests for downstream 2004060 - Trying to use basic spring boot sample causes crash on Firefox 2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection 2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently 2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver 2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory 2004449 - Boot option recovery menu prevents image boot 2004451 - The backup filename displayed in the RecentBackup message is incorrect 2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts 2004508 - TuneD issues with the recent ConfigParser changes. 2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions 2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs 2004578 - Monitoring and node labels missing for an external storage platform 2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days 2004596 - [4.10] Bootimage bump tracker 2004597 - Duplicate ramdisk log containers running 2004600 - Duplicate ramdisk log containers running 2004609 - output of "crictl inspectp" is not complete 2004625 - BMC credentials could be logged if they change 2004632 - When LE takes a large amount of time, multiple whereabouts are seen 2004721 - ptp/worker custom threshold doesn't change ptp events threshold 2004736 - [knative] Create button on new Broker form is inactive despite form being filled 2004796 - [e2e][automation] add test for vm scheduling policy 2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque 2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card 2004901 - [e2e][automation] improve kubevirt devconsole tests 2004962 - Console frontend job consuming too much CPU in CI 2005014 - state of ODF StorageSystem is misreported during installation or uninstallation 2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines 2005179 - pods status filter is not taking effect 2005182 - sync list of deprecated apis about to be removed 2005282 - Storage cluster name is given as title in StorageSystem details page 2005355 - setuptools 58 makes Kuryr CI fail 2005407 - ClusterNotUpgradeable Alert should be set to Severity Info 2005415 - PTP operator with sidecar api configured throws bind: address already in use 2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console 2005554 - The switch status of the button "Show default project" is not revealed correctly in code 2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable 2005761 - QE - Implementing crw-basic feature file 2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow 2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty 2005854 - SSH NodePort service is created for each VM 2005901 - KS, KCM and KA going Degraded during master nodes upgrade 2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user 2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics 2005971 - Change telemeter to report the Application Services product usage metrics 2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files 2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased 2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types 2006101 - Power off fails for drivers that don't support Soft power off 2006243 - Metal IPI upgrade jobs are running out of disk space 2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address 2006308 - Backing Store YAML tab on click displays a blank screen on UI 2006325 - Multicast is broken across nodes 2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators 2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource 2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception" 2006714 - add retry for etcd errors in kube-apiserver 2006767 - KubePodCrashLooping may not fire 2006803 - Set CoreDNS cache entries for forwarded zones 2006861 - Add Sprint 207 part 2 translations 2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap 2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors 2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded 2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick 2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails 2007271 - CI Integration for Knative test cases 2007289 - kubevirt tests are failing in CI 2007322 - Devfile/Dockerfile import does not work for unsupported git host 2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2008521 - gcp-hostname service should correct invalid search entries in resolv.conf 2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount 2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror 2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers 2008599 - Azure Stack UPI does not have Internal Load Balancer 2008612 - Plugin asset proxy does not pass through browser cache headers 2008712 - VPA webhook timeout prevents all pods from starting 2008733 - kube-scheduler: exposed /debug/pprof port 2008911 - Prometheus repeatedly scaling prometheus-operator replica set 2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12 2009055 - Instances of OCS to be replaced with ODF on UI 2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs 2009083 - opm blocks pruning of existing bundles during add 2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances 2009131 - [e2e][automation] add more test about vmi 2009148 - [e2e][automation] test vm nic presets and options 2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator 2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family 2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted 2009384 - UI changes to support BindableKinds CRD changes 2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped 2009424 - Deployment upgrade is failing availability check 2009454 - Change web terminal subscription permissions from get to list 2009465 - container-selinux should come from rhel8-appstream 2009514 - Bump OVS to 2.16-15 2009555 - Supermicro X11 system not booting from vMedia with AI 2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points 2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow 2009699 - Failure to validate flavor RAM 2009754 - Footer is not sticky anymore in import forms 2009785 - CRI-O's version file should be pinned by MCO 2009791 - Installer: ibmcloud ignores install-config values 2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13 2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo 2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2009873 - Stale Logical Router Policies and Annotations for a given node 2009879 - There should be test-suite coverage to ensure admin-acks work as expected 2009888 - SRO package name collision between official and community version 2010073 - uninstalling and then reinstalling sriov-network-operator is not working 2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentarion link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. 2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default 2013751 - Service details page is showing wrong in-cluster hostname 2013787 - There are two tittle 'Network Attachment Definition Details' on NAD details page 2013871 - Resource table headings are not aligned with their column data 2013895 - Cannot enable accelerated network via MachineSets on Azure 2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude" 2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG) 2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain 2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab) 2013996 - Project detail page: Action "Delete Project" does nothing for the default project 2014071 - Payload imagestream new tags not properly updated during cluster upgrade 2014153 - SRIOV exclusive pooling 2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace 2014238 - AWS console test is failing on importing duplicate YAML definitions 2014245 - Several aria-labels, external links, and labels aren't internationalized 2014248 - Several files aren't internationalized 2014352 - Could not filter out machine by using node name on machines page 2014464 - Unexpected spacing/padding below navigation groups in developer perspective 2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages 2014486 - Integration Tests: OLM single namespace operator tests failing 2014488 - Custom operator cannot change orders of condition tables 2014497 - Regex slows down different forms and creates too much recursion errors in the log 2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id' 2014614 - Metrics scraping requests should be assigned to exempt priority level 2014710 - TestIngressStatus test is broken on Azure 2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly 2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile 2015115 - [RFE] PCI passthrough 2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter 2015154 - Support ports defined networks and primarySubnet 2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic 2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production 2015386 - Possibility to add labels to the built-in OCP alerts 2015395 - Table head on Affinity Rules modal is not fully expanded 2015416 - CI implementation for Topology plugin 2015418 - Project Filesystem query returns No datapoints found 2015420 - No vm resource in project view's inventory 2015422 - No conflict checking on snapshot name 2015472 - Form and YAML view switch button should have distinguishable status 2015481 - [4.10] sriov-network-operator daemon pods are failing to start 2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting 2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English 2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. 2017427 - NTO does not restart TuneD daemon when profile application is taking too long 2017535 - Broken Argo CD link image on GitOps Details Page 2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references 2017564 - On-prem prepender dispatcher script overwrites DNS search settings 2017565 - CCMO does not handle additionalTrustBundle on Azure Stack 2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice 2017606 - [e2e][automation] add test to verify send key for VNC console 2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes 2017656 - VM IP address is "undefined" under VM details -> ssh field 2017663 - SSH password authentication is disabled when public key is not supplied 2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP 2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set 2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource 2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults 2017761 - [e2e][automation] dummy bug for 4.9 test dependency 2017872 - Add Sprint 209 translations 2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances 2017879 - Add Chinese translation for "alternate" 2017882 - multus: add handling of pod UIDs passed from runtime 2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods 2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI 2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS 2018094 - the tooltip length is limited 2018152 - CNI pod is not restarted when It cannot start servers due to ports being used 2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time 2018234 - user settings are saved in local storage instead of on cluster 2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?) 2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports) 2018275 - Topology graph doesn't show context menu for Export CSV 2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked 2018380 - Migrate docs links to access.redhat.com 2018413 - Error: context deadline exceeded, OCP 4.8.9 2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked 2018445 - [e2e][automation] enhance tests for downstream 2018446 - [e2e][automation] move tests to different level 2018449 - [e2e][automation] add test about create/delete network attachment definition 2018490 - [4.10] Image provisioning fails with file name too long 2018495 - Fix typo in internationalization README 2018542 - Kernel upgrade does not reconcile DaemonSet 2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit 2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes 2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950 2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10 2018985 - The rootdisk size is 15Gi of windows VM in customize wizard 2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. 2019096 - Update SRO leader election timeout to support SNO 2019129 - SRO in operator hub points to wrong repo for README 2019181 - Performance profile does not apply 2019198 - ptp offset metrics are not named according to the log output 2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest 2019284 - Stop action should not in the action list while VMI is not running 2019346 - zombie processes accumulation and Argument list too long 2019360 - [RFE] Virtualization Overview page 2019452 - Logger object in LSO appends to existing logger recursively 2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect 2019634 - Pause and migration is enabled in action list for a user who has view only permission 2019636 - Actions in VM tabs should be disabled when user has view only permission 2019639 - "Take snapshot" should be disabled while VM image is still been importing 2019645 - Create button is not removed on "Virtual Machines" page for view only user 2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user 2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user 2019717 - cant delete VM with un-owned pvc attached 2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass 2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always" 2019744 - [RFE] Suggest users to download newest RHEL 8 version 2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level 2019827 - Display issue with top-level menu items running demo plugin 2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded 2019886 - Kuryr unable to finish ports recovery upon controller restart 2019948 - [RFE] Restructring Virtualization links 2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster 2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout 2019986 - Dynamic demo plugin fails to build 2019992 - instance:node_memory_utilisation:ratio metric is incorrect 2020001 - Update dockerfile for demo dynamic plugin to reflect dir change 2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation. 2020107 - cluster-version-operator: remove runlevel from CVO namespace 2020153 - Creation of Windows high performance VM fails 2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public 2020250 - Replacing deprecated ioutil 2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build 2020275 - ClusterOperators link in console returns blank page during upgrades 2020377 - permissions error while using tcpdump option with must-gather 2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined 2020498 - "Show PromQL" button is disabled 2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature 2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI 2020664 - DOWN subports are not cleaned up 2020904 - When trying to create a connection from the Developer view between VMs, it fails 2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana 2021017 - 404 page not found error on knative eventing page 2021031 - QE - Fix the topology CI scripts 2021048 - [RFE] Added MAC Spoof check 2021053 - Metallb operator presented as community operator 2021067 - Extensive number of requests from storage version operator in cluster 2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes 2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass 2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node 2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating 2021152 - imagePullPolicy is "Always" for ptp operator images 2021191 - Project admins should be able to list available network attachment defintions 2021205 - Invalid URL in git import form causes validation to not happen on URL change 2021322 - cluster-api-provider-azure should populate purchase plan information 2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind 2021364 - Installer requires invalid AWS permission s3:GetBucketReplication 2021400 - Bump documentationBaseURL to 4.10 2021405 - [e2e][automation] VM creation wizard Cloud Init editor 2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected 2021466 - [e2e][automation] Windows guest tool mount 2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver 2021551 - Build is not recognizing the USER group from an s2i image 2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character 2021629 - api request counts for current hour are incorrect 2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page 2021693 - Modals assigned modal-lg class are no longer the correct width 2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines 2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled 2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags 2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem 2022053 - dpdk application with vhost-net is not able to start 2022114 - Console logging every proxy request 2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent) 2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long 2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2022509 - getOverrideForManifest does not check manifest.GVK.Group 2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard 2022627 - Machine object not picking up external FIP added to an openstack vm 2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:' 2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox 2022801 - Add Sprint 210 translations 2022811 - Fix kubelet log rotation file handle leak 2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations 2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2022880 - Pipeline renders with minor visual artifact with certain task dependencies 2022886 - Incorrect URL in operator description 2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config 2023060 - [e2e][automation] Windows VM with CDROM migration 2023077 - [e2e][automation] Home Overview Virtualization status 2023090 - [e2e][automation] Examples of Import URL for VM templates 2023102 - [e2e][automation] Cloudinit disk of VM from custom template 2023216 - ACL for a deleted egressfirewall still present on node join switch 2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9 2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy 2023342 - SCC admission should take ephemeralContainers into account 2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden) 2023434 - Update Azure Machine Spec API to accept Marketplace Images 2023500 - Latency experienced while waiting for volumes to attach to node 2023522 - can't remove package from index: database is locked 2023560 - "Network Attachment Definitions" has no project field on the top in the list view 2023592 - [e2e][automation] add mac spoof check for nad 2023604 - ACL violation when deleting a provisioning-configuration resource 2023607 - console returns blank page when normal user without any projects visit Installed Operators page 2023638 - Downgrade support level for extended control plane integration to Dev Preview 2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10 2023675 - Changing CNV Namespace 2023779 - Fix Patch 104847 in 4.9 2023781 - initial hardware devices is not loading in wizard 2023832 - CCO updates lastTransitionTime for non-Status changes 2023839 - Bump recommended FCOS to 34.20211031.3.0 2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly 2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository 2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8 2024055 - External DNS added extra prefix for the TXT record 2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully 2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json 2024199 - 400 Bad Request error for some queries for the non admin user 2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode 2024262 - Sample catalog is not displayed when one API call to the backend fails 2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability 2024316 - modal about support displays wrong annotation 2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected 2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page 2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view 2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined 2024515 - test-blocker: Ceph-storage-plugin tests failing 2024535 - hotplug disk missing OwnerReference 2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image 2024547 - Detail page is breaking for namespace store , backing store and bucket class. 2024551 - KMS resources not getting created for IBM FlashSystem storage 2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel 2024613 - pod-identity-webhook starts without tls 2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded 2024665 - Bindable services are not shown on topology 2024731 - linuxptp container: unnecessary checking of interfaces 2024750 - i18n some remaining OLM items 2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured 2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack 2024841 - test Keycloak with latest tag 2024859 - Not able to deploy an existing image from private image registry using developer console 2024880 - Egress IP breaks when network policies are applied 2024900 - Operator upgrade kube-apiserver 2024932 - console throws "Unauthorized" error after logging out 2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up 2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick 2025230 - ClusterAutoscalerUnschedulablePods should not be a warning 2025266 - CreateResource route has exact prop which need to be removed 2025301 - [e2e][automation] VM actions availability in different VM states 2025304 - overwrite storage section of the DV spec instead of the pvc section 2025431 - [RFE]Provide specific windows source link 2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36 2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node 2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local 2025481 - Update VM Snapshots UI 2025488 - [DOCS] Update the doc for nmstate operator installation 2025592 - ODC 4.9 supports invalid devfiles only 2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings" 2025767 - VMs orphaned during machineset scaleup 2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard 2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku. 2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-* 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 2026560 - Cluster-version operator does not remove unrecognized volume mounts 2026699 - fixed a bug with missing metadata 2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator 2026898 - Description/details are missing for Local Storage Operator 2027132 - Use the specific icon for Fedora and CentOS template 2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend 2027272 - KubeMemoryOvercommit alert should be human readable 2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group 2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue) 2027299 - The status of checkbox component is not revealed correctly in code 2027311 - K8s watch hooks do not work when fetching core resources 2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation 2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images 2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation 2027498 - [IBMCloud] SG Name character length limitation 2027501 - [4.10] Bootimage bump tracker 2027524 - Delete Application doesn't delete Channels or Brokers 2027563 - e2e/add-flow-ci.feature fix accessibility violations 2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges 2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions 2027685 - openshift-cluster-csi-drivers pods crashing on PSI 2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced 2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string 2027917 - No settings in hostfirmwaresettings and schema objects for masters 2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf 2027982 - nncp stucked at ConfigurationProgressing 2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters 2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed 2028030 - Panic detected in cluster-image-registry-operator pod 2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found" 2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9 2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin 2028141 - Console tests doesn't pass on Node.js 15 and 16 2028160 - Remove i18nKey in network-policy-peer-selectors.tsx 2028162 - Add Sprint 210 translations 2028170 - Remove leading and trailing whitespace 2028174 - Add Sprint 210 part 2 translations 2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it 2028217 - Cluster-version operator does not default Deployment replicas to one 2028240 - Multiple CatalogSources causing higher CPU use than necessary 2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings 2028325 - disableDrain should be set automatically on SNO 2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel 2028531 - Missing netFilter to the list of parameters when platform is OpenStack 2028610 - Installer doesn't retry on GCP rate limiting 2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting 2028695 - destroy cluster does not prune bootstrap instance profile 2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs 2028802 - CRI-O panic due to invalid memory address or nil pointer dereference 2028816 - VLAN IDs not released on failures 2028881 - Override not working for the PerformanceProfile template 2028885 - Console should show an error context if it logs an error object 2028949 - Masthead dropdown item hover text color is incorrect 2028963 - Whereabouts should reconcile stranded IP addresses 2029034 - enabling ExternalCloudProvider leads to inoperative cluster 2029178 - Create VM with wizard - page is not displayed 2029181 - Missing CR from PGT 2029273 - wizard is not able to use if project field is "All Projects" 2029369 - Cypress tests github rate limit errors 2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out 2029394 - missing empty text for hardware devices at wizard review 2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used 2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl 2029521 - EFS CSI driver cannot delete volumes under load 2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle 2029579 - Clicking on an Application which has a Helm Release in it causes an error 2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE 2029645 - Sync upstream 1.15.0 downstream 2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing 2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip 2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage 2029785 - CVO panic when an edge is included in both edges and conditionaledges 2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp) 2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error 2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2030228 - Fix StorageSpec resources field to use correct API 2030229 - Mirroring status card reflect wrong data 2030240 - Hide overview page for non-privileged user 2030305 - Export App job do not completes 2030347 - kube-state-metrics exposes metrics about resource annotations 2030364 - Shared resource CSI driver monitoring is not setup correctly 2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets 2030534 - Node selector/tolerations rules are evaluated too early 2030539 - Prometheus is not highly available 2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing 2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation 2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates. 2030677 - BOND CNI: There is no option to configure MTU on a Bond interface 2030692 - NPE in PipelineJobListener.upsertWorkflowJob 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2030847 - PerformanceProfile API version should be v2 2030961 - Customizing the OAuth server URL does not apply to upgraded cluster 2031006 - Application name input field is not autofocused when user selects "Create application" 2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex 2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started 2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue 2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip 2031060 - Failing CSR Unit test due to expired test certificate 2031085 - ovs-vswitchd running more threads than expected 2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2031502 - [RFE] New common templates crash the ui 2031685 - Duplicated forward upstreams should be removed from the dns operator 2031699 - The displayed ipv6 address of a dns upstream should be case sensitive 2031797 - [RFE] Order and text of Boot source type input are wrong 2031826 - CI tests needed to confirm driver-toolkit image contents 2031831 - OCP Console - Global CSS overrides affecting dynamic plugins 2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional 2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled) 2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain) 2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself 2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource 2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64 2032141 - open the alertrule link in new tab, got empty page 2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy 2032296 - Cannot create machine with ephemeral disk on Azure 2032407 - UI will show the default openshift template wizard for HANA template 2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded 2032421 - [RFE] UI integration with automatic updated images 2032516 - Not able to import git repo with .devfile.yaml 2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource 2032547 - hardware devices table have filter when table is empty 2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool 2032566 - Cluster-ingress-router does not support Azure Stack 2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso 2032589 - DeploymentConfigs ignore resolve-names annotation 2032732 - Fix styling conflicts due to recent console-wide CSS changes 2032831 - Knative Services and Revisions are not shown when Service has no ownerReference 2032851 - Networking is "not available" in Virtualization Overview 2032926 - Machine API components should use K8s 1.23 dependencies 2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24 2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster 2033013 - Project dropdown in user preferences page is broken 2033044 - Unable to change import strategy if devfile is invalid 2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable 2033111 - IBM VPC operator library bump removed global CLI args 2033138 - "No model registered for Templates" shows on customize wizard 2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected 2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected 2033257 - unable to use configmap for helm charts 2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered 2033290 - Product builds for console are failing 2033382 - MAPO is missing machine annotations 2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations 2033403 - Devfile catalog does not show provider information 2033404 - Cloud event schema is missing source type and resource field is using wrong value 2033407 - Secure route data is not pre-filled in edit flow form 2033422 - CNO not allowing LGW conversion from SGW in runtime 2033434 - Offer darwin/arm64 oc in clidownloads 2033489 - CCM operator failing on baremetal platform 2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver 2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains 2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady 2033538 - Gather Cost Management Metrics Custom Resource 2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined 2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page 2033634 - list-style-type: disc is applied to the modal dropdowns 2033720 - Update samples in 4.10 2033728 - Bump OVS to 2.16.0-33 2033729 - remove runtime request timeout restriction for azure 2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended 2033749 - Azure Stack Terraform fails without Local Provider 2033750 - Local volume should pull multi-arch image for kube-rbac-proxy 2033751 - Bump kubernetes to 1.23 2033752 - make verify fails due to missing yaml-patch 2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource 2034004 - [e2e][automation] add tests for VM snapshot improvements 2034068 - [e2e][automation] Enhance tests for 4.10 downstream 2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore 2034097 - [OVN] After edit EgressIP object, the status is not correct 2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning 2034129 - blank page returned when clicking 'Get started' button 2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0 2034153 - CNO does not verify MTU migration for OpenShiftSDN 2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled 2034170 - Use function.knative.dev for Knative Functions related labels 2034190 - unable to add new VirtIO disks to VMs 2034192 - Prometheus fails to insert reporting metrics when the sample limit is met 2034243 - regular user cant load template list 2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version" 2034248 - GPU/Host device modal is too small 2034257 - regular user `Create VM` missing permissions alert 2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere 2034300 - Du validator policy is NonCompliant after DU configuration completed 2034319 - Negation constraint is not validating packages 2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology 2034350 - The CNO should implement the Whereabouts IP reconciliation cron job 2034362 - update description of disk interface 2034398 - The Whereabouts IPPools CRD should include the podref field 2034409 - Default CatalogSources should be pointing to 4.10 index images 2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics 2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode 2034460 - Summary: cloud-network-config-controller does not account for different environment 2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true 2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly 2034493 - Change cluster version operator log level 2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list 2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6 2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer 2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART 2034537 - Update team 2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds 2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success 2034577 - Current OVN gateway mode should be reflected on node annotation as well 2034621 - context menu not popping up for application group 2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10 2034624 - Warn about unsupported CSI driver in vsphere operator 2034647 - missing volumes list in snapshot modal 2034648 - Rebase openshift-controller-manager to 1.23 2034650 - Rebase openshift/builder to 1.23 2034705 - vSphere: storage e2e tests logging configuration data 2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. 2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment 2034785 - ptpconfig with summary_interval cannot be applied 2034823 - RHEL9 should be starred in template list 2034838 - An external router can inject routes if no service is added 2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent 2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty 2034881 - Cloud providers components should use K8s 1.23 dependencies 2034884 - ART cannot build the image because it tries to download controller-gen 2034889 - `oc adm prune deployments` does not work 2034898 - Regression in recently added Events feature 2034957 - update openshift-apiserver to kube 1.23.1 2035015 - ClusterLogForwarding CR remains stuck remediating forever 2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster 2035141 - [RFE] Show GPU/Host devices in template's details tab 2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC 2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting 2035199 - IPv6 support in mtu-migration-dispatcher.yaml 2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing 2035250 - Peering with ebgp peer over multi-hops doesn't work 2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices 2035315 - invalid test cases for AWS passthrough mode 2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env 2035321 - Add Sprint 211 translations 2035326 - [ExternalCloudProvider] installation with additional network on workers fails 2035328 - Ccoctl does not ignore credentials request manifest marked for deletion 2035333 - Kuryr orphans ports on 504 errors from Neutron 2035348 - Fix two grammar issues in kubevirt-plugin.json strings 2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets 2035409 - OLM E2E test depends on operator package that's no longer published 2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address 2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1' 2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster 2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page 2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers 2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class 2035602 - [e2e][automation] add tests for Virtualization Overview page cards 2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly 2035704 - RoleBindings list page filter doesn't apply 2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing. 2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed 2035772 - AccessMode and VolumeMode is not reserved for customize wizard 2035847 - Two dashes in the Cronjob / Job pod name 2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml 2035882 - [BIOS setting values] Create events for all invalid settings in spec 2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests” 2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen 2035927 - Cannot enable HighNodeUtilization scheduler profile 2035933 - volume mode and access mode are empty in customize wizard review tab 2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods 2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation 2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error 2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential 2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend 2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes 2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23 2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23 2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments 2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists 2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected 2036826 - `oc adm prune deployments` can prune the RC/RS 2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform 2036861 - kube-apiserver is degraded while enable multitenant 2036937 - Command line tools page shows wrong download ODO link 2036940 - oc registry login fails if the file is empty or stdout 2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container 2036989 - Route URL copy to clipboard button wraps to a separate line by itself 2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters 2036993 - Machine API components should use Go lang version 1.17 2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. 2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api 2037073 - Alertmanager container fails to start because of startup probe never being successful 2037075 - Builds do not support CSI volumes 2037167 - Some log level in ibm-vpc-block-csi-controller are hard code 2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles 2037182 - PingSource badge color is not matched with knativeEventing color 2037203 - "Running VMs" card is too small in Virtualization Overview 2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly 2037237 - Add "This is a CD-ROM boot source" to customize wizard 2037241 - default TTL for noobaa cache buckets should be 0 2037246 - Cannot customize auto-update boot source 2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately 2037288 - Remove stale image reference 2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources 2037483 - Rbacs for Pods within the CBO should be more restrictive 2037484 - Bump dependencies to k8s 1.23 2037554 - Mismatched wave number error message should include the wave numbers that are in conflict 2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform] 2037635 - impossible to configure custom certs for default console route in ingress config 2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8 2037638 - Builds do not support CSI volumes as volume sources 2037664 - text formatting issue in Installed Operators list table 2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037801 - Serverless installation is failing on CI jobs for e2e tests 2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format 2037856 - use lease for leader election 2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10 2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests 2037904 - upgrade operator deployment failed due to memory limit too low for manager container 2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation] 2038034 - non-privileged user cannot see auto-update boot source 2038053 - Bump dependencies to k8s 1.23 2038088 - Remove ipa-downloader references 2038160 - The `default` project missed the annotation : openshift.io/node-selector: "" 2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional 2038196 - must-gather is missing collecting some metal3 resources 2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777) 2038253 - Validator Policies are long lived 2038272 - Failures to build a PreprovisioningImage are not reported 2038384 - Azure Default Instance Types are Incorrect 2038389 - Failing test: [sig-arch] events should not repeat pathologically 2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket 2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips 2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained 2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect 2038663 - update kubevirt-plugin OWNERS 2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" 2038705 - Update ptp reviewers 2038761 - Open Observe->Targets page, wait for a while, page become blank 2038768 - All the filters on the Observe->Targets page can't work 2038772 - Some monitors failed to display on Observe->Targets page 2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node 2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard 2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation 2038864 - E2E tests fail because multi-hop-net was not created 2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console 2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured 2038968 - Move feature gates from a carry patch to openshift/api 2039056 - Layout issue with breadcrumbs on API explorer page 2039057 - Kind column is not wide enough in API explorer page 2039064 - Bulk Import e2e test flaking at a high rate 2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled 2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters 2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost 2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy 2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator 2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade 2039227 - Improve image customization server parameter passing during installation 2039241 - Improve image customization server parameter passing during installation 2039244 - Helm Release revision history page crashes the UI 2039294 - SDN controller metrics cannot be consumed correctly by prometheus 2039311 - oc Does Not Describe Build CSI Volumes 2039315 - Helm release list page should only fetch secrets for deployed charts 2039321 - SDN controller metrics are not being consumed by prometheus 2039330 - Create NMState button doesn't work in OperatorHub web console 2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations 2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. 2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead 2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced 2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message 2040150 - Update ConfigMap keys for IBM HPCS 2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth 2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository 2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp 2040376 - "unknown instance type" error for supported m6i.xlarge instance 2040394 - Controller: enqueue the failed configmap till services update 2040467 - Cannot build ztp-site-generator container image 2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4 2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps 2040535 - Auto-update boot source is not available in customize wizard 2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name 2040603 - rhel worker scaleup playbook failed because missing some dependency of podman 2040616 - rolebindings page doesn't load for normal users 2040620 - [MAPO] Error pulling MAPO image on installation 2040653 - Topology sidebar warns that another component is updated while rendering 2040655 - User settings update fails when selecting application in topology sidebar 2040661 - Different react warnings about updating state on unmounted components when leaving topology 2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation 2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi 2040694 - Three upstream HTTPClientConfig struct fields missing in the operator 2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers 2040710 - cluster-baremetal-operator cannot update BMC subscription CR 2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms 2040782 - Import YAML page blocks input with more then one generateName attribute 2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute 2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator 2040793 - Fix snapshot e2e failures 2040880 - do not block upgrades if we can't connect to vcenter 2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10 2041093 - autounattend.xml missing 2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates 2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped" 2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23 2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller 2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener 2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud 2041466 - Kubedescheduler version is missing from the operator logs 2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses 2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods) 2041492 - Spacing between resources in inventory card is too small 2041509 - GCP Cloud provider components should use K8s 1.23 dependencies 2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook 2041541 - audit: ManagedFields are dropped using API not annotation 2041546 - ovnkube: set election timer at RAFT cluster creation time 2041554 - use lease for leader election 2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected" 2041583 - etcd and api server cpu mask interferes with a guaranteed workload 2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure 2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation 2041620 - bundle CSV alm-examples does not parse 2041641 - Fix inotify leak and kubelet retaining memory 2041671 - Delete templates leads to 404 page 2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category 2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled 2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint 2041763 - The Observe > Alerting pages no longer have their default sort order applied 2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken 2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied 2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster 2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases 2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist 2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen 2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile 2041999 - [PROXY] external dns pod cannot recognize custom proxy CA 2042001 - unexpectedly found multiple load balancers 2042029 - kubedescheduler fails to install completely 2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters 2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs 2042059 - update discovery burst to reflect lots of CRDs on openshift clusters 2042069 - Revert toolbox to rhcos-toolbox 2042169 - Can not delete egressnetworkpolicy in Foreground propagation 2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud 2042274 - Storage API should be used when creating a PVC 2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection 2042366 - Lifecycle hooks should be independently managed 2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway 2042382 - [e2e][automation] CI takes more then 2 hours to run 2042395 - Add prerequisites for active health checks test 2042438 - Missing rpms in openstack-installer image 2042466 - Selection does not happen when switching from Topology Graph to List View 2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver 2042567 - insufficient info on CodeReady Containers configuration 2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk 2042619 - Overview page of the console is broken for hypershift clusters 2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running 2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud 2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud 2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly 2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring) 2042851 - Create template from SAP HANA template flow - VM is created instead of a new template 2042906 - Edit machineset with same machine deletion hook name succeed 2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal" 2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways' 2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2043043 - Cluster Autoscaler should use K8s 1.23 dependencies 2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props) 2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects". 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2044201 - Templates golden image parameters names should be supported 2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8] 2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied" 2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects 2044347 - Bump to kubernetes 1.23.3 2044481 - collect sharedresource cluster scoped instances with must-gather 2044496 - Unable to create hardware events subscription - failed to add finalizers 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2044680 - Additional libovsdb performance and resource consumption fixes 2044704 - Observe > Alerting pages should not show runbook links in 4.10 2044717 - [e2e] improve tests for upstream test environment 2044724 - Remove namespace column on VM list page when a project is selected 2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff 2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD 2045024 - CustomNoUpgrade alerts should be ignored 2045112 - vsphere-problem-detector has missing rbac rules for leases 2045199 - SnapShot with Disk Hot-plug hangs 2045561 - Cluster Autoscaler should use the same default Group value as Cluster API 2045591 - Reconciliation of aws pod identity mutating webhook did not happen 2045849 - Add Sprint 212 translations 2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10 2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin 2045916 - [IBMCloud] Default machine profile in installer is unreliable 2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment 2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify 2046137 - oc output for unknown commands is not human readable 2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance 2046297 - Bump DB reconnect timeout 2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations 2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors 2046626 - Allow setting custom metrics for Ansible-based Operators 2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud 2047025 - Installation fails because of Alibaba CSI driver operator is degraded 2047190 - Bump Alibaba CSI driver for 4.10 2047238 - When using communities and localpreferences together, only localpreference gets applied 2047255 - alibaba: resourceGroupID not found 2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions 2047317 - Update HELM OWNERS files under Dev Console 2047455 - [IBM Cloud] Update custom image os type 2047496 - Add image digest feature 2047779 - do not degrade cluster if storagepolicy creation fails 2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047929 - use lease for leader election 2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2048048 - Application tab in User Preferences dropdown menus are too wide. 2048050 - Topology list view items are not highlighted on keyboard navigation 2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2048413 - Bond CNI: Failed to attach Bond NAD to pod 2048443 - Image registry operator panics when finalizes config deletion 2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-* 2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2048598 - Web terminal view is broken 2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2048891 - Topology page is crashed 2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2049043 - Cannot create VM from template 2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2049886 - Placeholder bug for OCP 4.10.0 metadata release 2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members 2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2050370 - alert data for burn budget needs to be updated to prevent regression 2050393 - ZTP missing support for local image registry and custom machine config 2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2050737 - Remove metrics and events for master port offsets 2050801 - Vsphere upi tries to access vsphere during manifests generation phase 2050883 - Logger object in LSO does not log source location accurately 2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 2052062 - Whereabouts should implement client-go 1.22+ 2052125 - [4.10] Crio appears to be coredumping in some scenarios 2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch 2052756 - [4.10] PVs are not being cleaned up after PVC deletion 2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2053268 - inability to detect static lifecycle failure 2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053323 - OpenShift-Ansible BYOH Unit Tests are Broken 2053339 - Remove dev preview badge from IBM FlashSystem deployment windows 2053751 - ztp-site-generate container is missing convenience entrypoint 2053945 - [4.10] Failed to apply sriov policy on intel nics 2054109 - Missing "app" label 2054154 - RoleBinding in project without subject is causing "Project access" page to fail 2054244 - Latest pipeline run should be listed on the top of the pipeline run list 2054288 - console-master-e2e-gcp-console is broken 2054562 - DPU network operator 4.10 branch need to sync with master 2054897 - Unable to deploy hw-event-proxy operator 2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2055371 - Remove Check which enforces summary_interval must match logSyncInterval 2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API 2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2056479 - ovirt-csi-driver-node pods are crashing intermittently 2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope" 2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes" 2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2056948 - post 1.23 rebase: regression in service-load balancer reliability 2057438 - Service Level Agreement (SLA) always show 'Unknown' 2057721 - Fix Proxy support in RHACM 2.4.2 2057724 - Image creation fails when NMstateConfig CR is empty 2058641 - [4.10] Pod density test causing problems when using kube-burner 2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc 5. References: https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 GDM must be restarted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/): 1207179 - Select items matching non existing pattern does not unselect already selected 1566027 - can't correctly compute contents size if hidden files are included 1569868 - Browsing samba shares using gvfs is very slow 1652178 - [RFE] perf-tool run on wayland 1656262 - The terminal's character display is unclear on rhel8 guest after installing gnome 1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled 1692536 - login screen shows after gnome-initial-setup 1706008 - Sound Effect sometimes fails to change to selected option. 1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead. 1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined 1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly 1758891 - tracker-devel subpackage missing from el8 repos 1775345 - Rebase xdg-desktop-portal to 1.6 1778579 - Nautilus does not respect umask settings. 1779691 - Rebase xdg-desktop-portal-gtk to 1.6 1794045 - There are two different high contrast versions of desktop icons 1804719 - Update vte291 to 0.52.4 1805929 - RHEL 8.1 gnome-shell-extension errors 1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp 1814820 - No checkbox to install updates in the shutdown dialog 1816070 - "search for an application to open this file" dialog broken 1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution 1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1817143 - Rebase WebKitGTK to 2.28 1820759 - Include IO stall fixes 1820760 - Include IO fixes 1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening 1827030 - gnome-settings-daemon: subscription notification on CentOS Stream 1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content 1832347 - [Rebase] Rebase pipewire to 0.3.x 1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install 1837381 - Backport screen cast improvements to 8.3 1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version 1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6 1837648 - Vendor.conf should point to https://access.redhat.com/site/solutions/537113 1840080 - Can not control top bar menus via keys in Wayland 1840788 - [flatpak][rhel8] unable to build potrace as dependency 1843486 - Software crash after clicking Updates tab 1844578 - anaconda very rarely crashes at startup with a pygobject traceback 1846191 - usb adapters hotplug crashes gnome-shell 1847051 - JS ERROR: TypeError: area is null 1847061 - File search doesn't work under certain locales 1847062 - gnome-remote-desktop crash on QXL graphics 1847203 - gnome-shell: get_top_visible_window_actor(): gnome-shell killed by SIGSEGV 1853477 - CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow 1854734 - PipeWire 0.2 should be required by xdg-desktop-portal 1866332 - Remove obsolete libusb-devel dependency 1868260 - [Hyper-V][RHEL8] VM starts GUI failed on Hyper-V 2019/2016, hangs at "Started GNOME Display Manager" - GDM regression issue. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: LibRaw-0.19.5-2.el8.src.rpm PackageKit-1.1.12-6.el8.src.rpm dleyna-renderer-0.6.0-3.el8.src.rpm frei0r-plugins-1.6.1-7.el8.src.rpm gdm-3.28.3-34.el8.src.rpm gnome-control-center-3.28.2-22.el8.src.rpm gnome-photos-3.28.1-3.el8.src.rpm gnome-remote-desktop-0.1.8-3.el8.src.rpm gnome-session-3.28.1-10.el8.src.rpm gnome-settings-daemon-3.32.0-11.el8.src.rpm gnome-shell-3.32.2-20.el8.src.rpm gnome-shell-extensions-3.32.1-11.el8.src.rpm gnome-terminal-3.28.3-2.el8.src.rpm gtk3-3.22.30-6.el8.src.rpm gvfs-1.36.2-10.el8.src.rpm mutter-3.32.2-48.el8.src.rpm nautilus-3.28.1-14.el8.src.rpm pipewire-0.3.6-1.el8.src.rpm pipewire0.2-0.2.7-6.el8.src.rpm potrace-1.15-3.el8.src.rpm tracker-2.1.5-2.el8.src.rpm vte291-0.52.4-2.el8.src.rpm webkit2gtk3-2.28.4-1.el8.src.rpm webrtc-audio-processing-0.3-9.el8.src.rpm xdg-desktop-portal-1.6.0-2.el8.src.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.src.rpm aarch64: PackageKit-1.1.12-6.el8.aarch64.rpm PackageKit-command-not-found-1.1.12-6.el8.aarch64.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-cron-1.1.12-6.el8.aarch64.rpm PackageKit-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-debugsource-1.1.12-6.el8.aarch64.rpm PackageKit-glib-1.1.12-6.el8.aarch64.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.aarch64.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.aarch64.rpm PackageKit-gtk3-module-1.1.12-6.el8.aarch64.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.aarch64.rpm frei0r-plugins-1.6.1-7.el8.aarch64.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.aarch64.rpm frei0r-plugins-debugsource-1.6.1-7.el8.aarch64.rpm frei0r-plugins-opencv-1.6.1-7.el8.aarch64.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.aarch64.rpm gdm-3.28.3-34.el8.aarch64.rpm gdm-debuginfo-3.28.3-34.el8.aarch64.rpm gdm-debugsource-3.28.3-34.el8.aarch64.rpm gnome-control-center-3.28.2-22.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-22.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-22.el8.aarch64.rpm gnome-remote-desktop-0.1.8-3.el8.aarch64.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.aarch64.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.aarch64.rpm gnome-session-3.28.1-10.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-10.el8.aarch64.rpm gnome-session-debugsource-3.28.1-10.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-10.el8.aarch64.rpm gnome-session-xsession-3.28.1-10.el8.aarch64.rpm gnome-settings-daemon-3.32.0-11.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.aarch64.rpm gnome-shell-3.32.2-20.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-20.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-20.el8.aarch64.rpm gnome-terminal-3.28.3-2.el8.aarch64.rpm gnome-terminal-debuginfo-3.28.3-2.el8.aarch64.rpm gnome-terminal-debugsource-3.28.3-2.el8.aarch64.rpm gnome-terminal-nautilus-3.28.3-2.el8.aarch64.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-6.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-3.22.30-6.el8.aarch64.rpm gtk3-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-debugsource-3.22.30-6.el8.aarch64.rpm gtk3-devel-3.22.30-6.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-6.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-6.el8.aarch64.rpm gvfs-1.36.2-10.el8.aarch64.rpm gvfs-afc-1.36.2-10.el8.aarch64.rpm gvfs-afc-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-afp-1.36.2-10.el8.aarch64.rpm gvfs-afp-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-archive-1.36.2-10.el8.aarch64.rpm gvfs-archive-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-client-1.36.2-10.el8.aarch64.rpm gvfs-client-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-debugsource-1.36.2-10.el8.aarch64.rpm gvfs-devel-1.36.2-10.el8.aarch64.rpm gvfs-fuse-1.36.2-10.el8.aarch64.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-goa-1.36.2-10.el8.aarch64.rpm gvfs-goa-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-gphoto2-1.36.2-10.el8.aarch64.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-mtp-1.36.2-10.el8.aarch64.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.aarch64.rpm gvfs-smb-1.36.2-10.el8.aarch64.rpm gvfs-smb-debuginfo-1.36.2-10.el8.aarch64.rpm libsoup-debuginfo-2.62.3-2.el8.aarch64.rpm libsoup-debugsource-2.62.3-2.el8.aarch64.rpm libsoup-devel-2.62.3-2.el8.aarch64.rpm mutter-3.32.2-48.el8.aarch64.rpm mutter-debuginfo-3.32.2-48.el8.aarch64.rpm mutter-debugsource-3.32.2-48.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-48.el8.aarch64.rpm nautilus-3.28.1-14.el8.aarch64.rpm nautilus-debuginfo-3.28.1-14.el8.aarch64.rpm nautilus-debugsource-3.28.1-14.el8.aarch64.rpm nautilus-extensions-3.28.1-14.el8.aarch64.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.aarch64.rpm pipewire-0.3.6-1.el8.aarch64.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-debugsource-0.3.6-1.el8.aarch64.rpm pipewire-devel-0.3.6-1.el8.aarch64.rpm pipewire-doc-0.3.6-1.el8.aarch64.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-libs-0.3.6-1.el8.aarch64.rpm pipewire-libs-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire-utils-0.3.6-1.el8.aarch64.rpm pipewire-utils-debuginfo-0.3.6-1.el8.aarch64.rpm pipewire0.2-debugsource-0.2.7-6.el8.aarch64.rpm pipewire0.2-devel-0.2.7-6.el8.aarch64.rpm pipewire0.2-libs-0.2.7-6.el8.aarch64.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.aarch64.rpm potrace-1.15-3.el8.aarch64.rpm potrace-debuginfo-1.15-3.el8.aarch64.rpm potrace-debugsource-1.15-3.el8.aarch64.rpm pygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm pygobject3-debugsource-3.28.3-2.el8.aarch64.rpm python3-gobject-3.28.3-2.el8.aarch64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm python3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm tracker-2.1.5-2.el8.aarch64.rpm tracker-debuginfo-2.1.5-2.el8.aarch64.rpm tracker-debugsource-2.1.5-2.el8.aarch64.rpm vte-profile-0.52.4-2.el8.aarch64.rpm vte291-0.52.4-2.el8.aarch64.rpm vte291-debuginfo-0.52.4-2.el8.aarch64.rpm vte291-debugsource-0.52.4-2.el8.aarch64.rpm vte291-devel-debuginfo-0.52.4-2.el8.aarch64.rpm webkit2gtk3-2.28.4-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.28.4-1.el8.aarch64.rpm webkit2gtk3-devel-2.28.4-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.aarch64.rpm webrtc-audio-processing-0.3-9.el8.aarch64.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.aarch64.rpm webrtc-audio-processing-debugsource-0.3-9.el8.aarch64.rpm xdg-desktop-portal-1.6.0-2.el8.aarch64.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.aarch64.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.aarch64.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.aarch64.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.aarch64.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.aarch64.rpm noarch: gnome-classic-session-3.32.1-11.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-22.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-11.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-11.el8.noarch.rpm gnome-shell-extension-common-3.32.1-11.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-11.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-11.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-11.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-11.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-11.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-11.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-11.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-11.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-11.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-11.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-11.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-11.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-11.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-11.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-11.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-11.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-11.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-11.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-11.el8.noarch.rpm ppc64le: LibRaw-0.19.5-2.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-2.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-2.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.ppc64le.rpm PackageKit-1.1.12-6.el8.ppc64le.rpm PackageKit-command-not-found-1.1.12-6.el8.ppc64le.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-cron-1.1.12-6.el8.ppc64le.rpm PackageKit-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-debugsource-1.1.12-6.el8.ppc64le.rpm PackageKit-glib-1.1.12-6.el8.ppc64le.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.ppc64le.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.ppc64le.rpm PackageKit-gtk3-module-1.1.12-6.el8.ppc64le.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.ppc64le.rpm dleyna-renderer-0.6.0-3.el8.ppc64le.rpm dleyna-renderer-debuginfo-0.6.0-3.el8.ppc64le.rpm dleyna-renderer-debugsource-0.6.0-3.el8.ppc64le.rpm frei0r-plugins-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-debugsource-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-opencv-1.6.1-7.el8.ppc64le.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.ppc64le.rpm gdm-3.28.3-34.el8.ppc64le.rpm gdm-debuginfo-3.28.3-34.el8.ppc64le.rpm gdm-debugsource-3.28.3-34.el8.ppc64le.rpm gnome-control-center-3.28.2-22.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-22.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-22.el8.ppc64le.rpm gnome-photos-3.28.1-3.el8.ppc64le.rpm gnome-photos-debuginfo-3.28.1-3.el8.ppc64le.rpm gnome-photos-debugsource-3.28.1-3.el8.ppc64le.rpm gnome-photos-tests-3.28.1-3.el8.ppc64le.rpm gnome-remote-desktop-0.1.8-3.el8.ppc64le.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.ppc64le.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.ppc64le.rpm gnome-session-3.28.1-10.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-10.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-10.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-10.el8.ppc64le.rpm gnome-session-xsession-3.28.1-10.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-11.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.ppc64le.rpm gnome-shell-3.32.2-20.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-20.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-20.el8.ppc64le.rpm gnome-terminal-3.28.3-2.el8.ppc64le.rpm gnome-terminal-debuginfo-3.28.3-2.el8.ppc64le.rpm gnome-terminal-debugsource-3.28.3-2.el8.ppc64le.rpm gnome-terminal-nautilus-3.28.3-2.el8.ppc64le.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-6.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-3.22.30-6.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-debugsource-3.22.30-6.el8.ppc64le.rpm gtk3-devel-3.22.30-6.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-6.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-6.el8.ppc64le.rpm gvfs-1.36.2-10.el8.ppc64le.rpm gvfs-afc-1.36.2-10.el8.ppc64le.rpm gvfs-afc-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-afp-1.36.2-10.el8.ppc64le.rpm gvfs-afp-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-archive-1.36.2-10.el8.ppc64le.rpm gvfs-archive-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-client-1.36.2-10.el8.ppc64le.rpm gvfs-client-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-debugsource-1.36.2-10.el8.ppc64le.rpm gvfs-devel-1.36.2-10.el8.ppc64le.rpm gvfs-fuse-1.36.2-10.el8.ppc64le.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-goa-1.36.2-10.el8.ppc64le.rpm gvfs-goa-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-gphoto2-1.36.2-10.el8.ppc64le.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-mtp-1.36.2-10.el8.ppc64le.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.ppc64le.rpm gvfs-smb-1.36.2-10.el8.ppc64le.rpm gvfs-smb-debuginfo-1.36.2-10.el8.ppc64le.rpm libsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm libsoup-debugsource-2.62.3-2.el8.ppc64le.rpm libsoup-devel-2.62.3-2.el8.ppc64le.rpm mutter-3.32.2-48.el8.ppc64le.rpm mutter-debuginfo-3.32.2-48.el8.ppc64le.rpm mutter-debugsource-3.32.2-48.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-48.el8.ppc64le.rpm nautilus-3.28.1-14.el8.ppc64le.rpm nautilus-debuginfo-3.28.1-14.el8.ppc64le.rpm nautilus-debugsource-3.28.1-14.el8.ppc64le.rpm nautilus-extensions-3.28.1-14.el8.ppc64le.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.ppc64le.rpm pipewire-0.3.6-1.el8.ppc64le.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-debugsource-0.3.6-1.el8.ppc64le.rpm pipewire-devel-0.3.6-1.el8.ppc64le.rpm pipewire-doc-0.3.6-1.el8.ppc64le.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-libs-0.3.6-1.el8.ppc64le.rpm pipewire-libs-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire-utils-0.3.6-1.el8.ppc64le.rpm pipewire-utils-debuginfo-0.3.6-1.el8.ppc64le.rpm pipewire0.2-debugsource-0.2.7-6.el8.ppc64le.rpm pipewire0.2-devel-0.2.7-6.el8.ppc64le.rpm pipewire0.2-libs-0.2.7-6.el8.ppc64le.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.ppc64le.rpm potrace-1.15-3.el8.ppc64le.rpm potrace-debuginfo-1.15-3.el8.ppc64le.rpm potrace-debugsource-1.15-3.el8.ppc64le.rpm pygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm pygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm python3-gobject-3.28.3-2.el8.ppc64le.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm python3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm tracker-2.1.5-2.el8.ppc64le.rpm tracker-debuginfo-2.1.5-2.el8.ppc64le.rpm tracker-debugsource-2.1.5-2.el8.ppc64le.rpm vte-profile-0.52.4-2.el8.ppc64le.rpm vte291-0.52.4-2.el8.ppc64le.rpm vte291-debuginfo-0.52.4-2.el8.ppc64le.rpm vte291-debugsource-0.52.4-2.el8.ppc64le.rpm vte291-devel-debuginfo-0.52.4-2.el8.ppc64le.rpm webkit2gtk3-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-devel-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.ppc64le.rpm webrtc-audio-processing-0.3-9.el8.ppc64le.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.ppc64le.rpm webrtc-audio-processing-debugsource-0.3-9.el8.ppc64le.rpm xdg-desktop-portal-1.6.0-2.el8.ppc64le.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.ppc64le.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.ppc64le.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.ppc64le.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.ppc64le.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.ppc64le.rpm s390x: PackageKit-1.1.12-6.el8.s390x.rpm PackageKit-command-not-found-1.1.12-6.el8.s390x.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-cron-1.1.12-6.el8.s390x.rpm PackageKit-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-debugsource-1.1.12-6.el8.s390x.rpm PackageKit-glib-1.1.12-6.el8.s390x.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.s390x.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.s390x.rpm PackageKit-gtk3-module-1.1.12-6.el8.s390x.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.s390x.rpm frei0r-plugins-1.6.1-7.el8.s390x.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.s390x.rpm frei0r-plugins-debugsource-1.6.1-7.el8.s390x.rpm frei0r-plugins-opencv-1.6.1-7.el8.s390x.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.s390x.rpm gdm-3.28.3-34.el8.s390x.rpm gdm-debuginfo-3.28.3-34.el8.s390x.rpm gdm-debugsource-3.28.3-34.el8.s390x.rpm gnome-control-center-3.28.2-22.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-22.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-22.el8.s390x.rpm gnome-remote-desktop-0.1.8-3.el8.s390x.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.s390x.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.s390x.rpm gnome-session-3.28.1-10.el8.s390x.rpm gnome-session-debuginfo-3.28.1-10.el8.s390x.rpm gnome-session-debugsource-3.28.1-10.el8.s390x.rpm gnome-session-wayland-session-3.28.1-10.el8.s390x.rpm gnome-session-xsession-3.28.1-10.el8.s390x.rpm gnome-settings-daemon-3.32.0-11.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.s390x.rpm gnome-shell-3.32.2-20.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-20.el8.s390x.rpm gnome-shell-debugsource-3.32.2-20.el8.s390x.rpm gnome-terminal-3.28.3-2.el8.s390x.rpm gnome-terminal-debuginfo-3.28.3-2.el8.s390x.rpm gnome-terminal-debugsource-3.28.3-2.el8.s390x.rpm gnome-terminal-nautilus-3.28.3-2.el8.s390x.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.s390x.rpm gtk-update-icon-cache-3.22.30-6.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-3.22.30-6.el8.s390x.rpm gtk3-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-debugsource-3.22.30-6.el8.s390x.rpm gtk3-devel-3.22.30-6.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-immodule-xim-3.22.30-6.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-6.el8.s390x.rpm gvfs-1.36.2-10.el8.s390x.rpm gvfs-afp-1.36.2-10.el8.s390x.rpm gvfs-afp-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-archive-1.36.2-10.el8.s390x.rpm gvfs-archive-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-client-1.36.2-10.el8.s390x.rpm gvfs-client-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-debugsource-1.36.2-10.el8.s390x.rpm gvfs-devel-1.36.2-10.el8.s390x.rpm gvfs-fuse-1.36.2-10.el8.s390x.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-goa-1.36.2-10.el8.s390x.rpm gvfs-goa-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-gphoto2-1.36.2-10.el8.s390x.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-mtp-1.36.2-10.el8.s390x.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.s390x.rpm gvfs-smb-1.36.2-10.el8.s390x.rpm gvfs-smb-debuginfo-1.36.2-10.el8.s390x.rpm libsoup-debuginfo-2.62.3-2.el8.s390x.rpm libsoup-debugsource-2.62.3-2.el8.s390x.rpm libsoup-devel-2.62.3-2.el8.s390x.rpm mutter-3.32.2-48.el8.s390x.rpm mutter-debuginfo-3.32.2-48.el8.s390x.rpm mutter-debugsource-3.32.2-48.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-48.el8.s390x.rpm nautilus-3.28.1-14.el8.s390x.rpm nautilus-debuginfo-3.28.1-14.el8.s390x.rpm nautilus-debugsource-3.28.1-14.el8.s390x.rpm nautilus-extensions-3.28.1-14.el8.s390x.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.s390x.rpm pipewire-0.3.6-1.el8.s390x.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-debugsource-0.3.6-1.el8.s390x.rpm pipewire-devel-0.3.6-1.el8.s390x.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-libs-0.3.6-1.el8.s390x.rpm pipewire-libs-debuginfo-0.3.6-1.el8.s390x.rpm pipewire-utils-0.3.6-1.el8.s390x.rpm pipewire-utils-debuginfo-0.3.6-1.el8.s390x.rpm pipewire0.2-debugsource-0.2.7-6.el8.s390x.rpm pipewire0.2-devel-0.2.7-6.el8.s390x.rpm pipewire0.2-libs-0.2.7-6.el8.s390x.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.s390x.rpm potrace-1.15-3.el8.s390x.rpm potrace-debuginfo-1.15-3.el8.s390x.rpm potrace-debugsource-1.15-3.el8.s390x.rpm pygobject3-debuginfo-3.28.3-2.el8.s390x.rpm pygobject3-debugsource-3.28.3-2.el8.s390x.rpm python3-gobject-3.28.3-2.el8.s390x.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm python3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm tracker-2.1.5-2.el8.s390x.rpm tracker-debuginfo-2.1.5-2.el8.s390x.rpm tracker-debugsource-2.1.5-2.el8.s390x.rpm vte-profile-0.52.4-2.el8.s390x.rpm vte291-0.52.4-2.el8.s390x.rpm vte291-debuginfo-0.52.4-2.el8.s390x.rpm vte291-debugsource-0.52.4-2.el8.s390x.rpm vte291-devel-debuginfo-0.52.4-2.el8.s390x.rpm webkit2gtk3-2.28.4-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.s390x.rpm webkit2gtk3-debugsource-2.28.4-1.el8.s390x.rpm webkit2gtk3-devel-2.28.4-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.s390x.rpm webrtc-audio-processing-0.3-9.el8.s390x.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.s390x.rpm webrtc-audio-processing-debugsource-0.3-9.el8.s390x.rpm xdg-desktop-portal-1.6.0-2.el8.s390x.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.s390x.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.s390x.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.s390x.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.s390x.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.s390x.rpm x86_64: LibRaw-0.19.5-2.el8.i686.rpm LibRaw-0.19.5-2.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-2.el8.i686.rpm LibRaw-debuginfo-0.19.5-2.el8.x86_64.rpm LibRaw-debugsource-0.19.5-2.el8.i686.rpm LibRaw-debugsource-0.19.5-2.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-2.el8.x86_64.rpm PackageKit-1.1.12-6.el8.x86_64.rpm PackageKit-command-not-found-1.1.12-6.el8.x86_64.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-command-not-found-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-cron-1.1.12-6.el8.x86_64.rpm PackageKit-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-debugsource-1.1.12-6.el8.i686.rpm PackageKit-debugsource-1.1.12-6.el8.x86_64.rpm PackageKit-glib-1.1.12-6.el8.i686.rpm PackageKit-glib-1.1.12-6.el8.x86_64.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-glib-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-gstreamer-plugin-1.1.12-6.el8.x86_64.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-gstreamer-plugin-debuginfo-1.1.12-6.el8.x86_64.rpm PackageKit-gtk3-module-1.1.12-6.el8.i686.rpm PackageKit-gtk3-module-1.1.12-6.el8.x86_64.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.i686.rpm PackageKit-gtk3-module-debuginfo-1.1.12-6.el8.x86_64.rpm dleyna-renderer-0.6.0-3.el8.x86_64.rpm dleyna-renderer-debuginfo-0.6.0-3.el8.x86_64.rpm dleyna-renderer-debugsource-0.6.0-3.el8.x86_64.rpm frei0r-plugins-1.6.1-7.el8.x86_64.rpm frei0r-plugins-debuginfo-1.6.1-7.el8.x86_64.rpm frei0r-plugins-debugsource-1.6.1-7.el8.x86_64.rpm frei0r-plugins-opencv-1.6.1-7.el8.x86_64.rpm frei0r-plugins-opencv-debuginfo-1.6.1-7.el8.x86_64.rpm gdm-3.28.3-34.el8.i686.rpm gdm-3.28.3-34.el8.x86_64.rpm gdm-debuginfo-3.28.3-34.el8.i686.rpm gdm-debuginfo-3.28.3-34.el8.x86_64.rpm gdm-debugsource-3.28.3-34.el8.i686.rpm gdm-debugsource-3.28.3-34.el8.x86_64.rpm gnome-control-center-3.28.2-22.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-22.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-22.el8.x86_64.rpm gnome-photos-3.28.1-3.el8.x86_64.rpm gnome-photos-debuginfo-3.28.1-3.el8.x86_64.rpm gnome-photos-debugsource-3.28.1-3.el8.x86_64.rpm gnome-photos-tests-3.28.1-3.el8.x86_64.rpm gnome-remote-desktop-0.1.8-3.el8.x86_64.rpm gnome-remote-desktop-debuginfo-0.1.8-3.el8.x86_64.rpm gnome-remote-desktop-debugsource-0.1.8-3.el8.x86_64.rpm gnome-session-3.28.1-10.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-10.el8.x86_64.rpm gnome-session-debugsource-3.28.1-10.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-10.el8.x86_64.rpm gnome-session-xsession-3.28.1-10.el8.x86_64.rpm gnome-settings-daemon-3.32.0-11.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-11.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-11.el8.x86_64.rpm gnome-shell-3.32.2-20.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-20.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-20.el8.x86_64.rpm gnome-terminal-3.28.3-2.el8.x86_64.rpm gnome-terminal-debuginfo-3.28.3-2.el8.x86_64.rpm gnome-terminal-debugsource-3.28.3-2.el8.x86_64.rpm gnome-terminal-nautilus-3.28.3-2.el8.x86_64.rpm gnome-terminal-nautilus-debuginfo-3.28.3-2.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-5.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-5.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-6.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-3.22.30-6.el8.i686.rpm gtk3-3.22.30-6.el8.x86_64.rpm gtk3-debuginfo-3.22.30-6.el8.i686.rpm gtk3-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-debugsource-3.22.30-6.el8.i686.rpm gtk3-debugsource-3.22.30-6.el8.x86_64.rpm gtk3-devel-3.22.30-6.el8.i686.rpm gtk3-devel-3.22.30-6.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-6.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-6.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-6.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-6.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-6.el8.x86_64.rpm gvfs-1.36.2-10.el8.x86_64.rpm gvfs-afc-1.36.2-10.el8.x86_64.rpm gvfs-afc-debuginfo-1.36.2-10.el8.i686.rpm gvfs-afc-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-afp-1.36.2-10.el8.x86_64.rpm gvfs-afp-debuginfo-1.36.2-10.el8.i686.rpm gvfs-afp-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-archive-1.36.2-10.el8.x86_64.rpm gvfs-archive-debuginfo-1.36.2-10.el8.i686.rpm gvfs-archive-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-client-1.36.2-10.el8.i686.rpm gvfs-client-1.36.2-10.el8.x86_64.rpm gvfs-client-debuginfo-1.36.2-10.el8.i686.rpm gvfs-client-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-debuginfo-1.36.2-10.el8.i686.rpm gvfs-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-debugsource-1.36.2-10.el8.i686.rpm gvfs-debugsource-1.36.2-10.el8.x86_64.rpm gvfs-devel-1.36.2-10.el8.i686.rpm gvfs-devel-1.36.2-10.el8.x86_64.rpm gvfs-fuse-1.36.2-10.el8.x86_64.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.i686.rpm gvfs-fuse-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-goa-1.36.2-10.el8.x86_64.rpm gvfs-goa-debuginfo-1.36.2-10.el8.i686.rpm gvfs-goa-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-gphoto2-1.36.2-10.el8.x86_64.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.i686.rpm gvfs-gphoto2-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-mtp-1.36.2-10.el8.x86_64.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.i686.rpm gvfs-mtp-debuginfo-1.36.2-10.el8.x86_64.rpm gvfs-smb-1.36.2-10.el8.x86_64.rpm gvfs-smb-debuginfo-1.36.2-10.el8.i686.rpm gvfs-smb-debuginfo-1.36.2-10.el8.x86_64.rpm libsoup-debuginfo-2.62.3-2.el8.i686.rpm libsoup-debuginfo-2.62.3-2.el8.x86_64.rpm libsoup-debugsource-2.62.3-2.el8.i686.rpm libsoup-debugsource-2.62.3-2.el8.x86_64.rpm libsoup-devel-2.62.3-2.el8.i686.rpm libsoup-devel-2.62.3-2.el8.x86_64.rpm mutter-3.32.2-48.el8.i686.rpm mutter-3.32.2-48.el8.x86_64.rpm mutter-debuginfo-3.32.2-48.el8.i686.rpm mutter-debuginfo-3.32.2-48.el8.x86_64.rpm mutter-debugsource-3.32.2-48.el8.i686.rpm mutter-debugsource-3.32.2-48.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-48.el8.i686.rpm mutter-tests-debuginfo-3.32.2-48.el8.x86_64.rpm nautilus-3.28.1-14.el8.x86_64.rpm nautilus-debuginfo-3.28.1-14.el8.i686.rpm nautilus-debuginfo-3.28.1-14.el8.x86_64.rpm nautilus-debugsource-3.28.1-14.el8.i686.rpm nautilus-debugsource-3.28.1-14.el8.x86_64.rpm nautilus-extensions-3.28.1-14.el8.i686.rpm nautilus-extensions-3.28.1-14.el8.x86_64.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.i686.rpm nautilus-extensions-debuginfo-3.28.1-14.el8.x86_64.rpm pipewire-0.3.6-1.el8.i686.rpm pipewire-0.3.6-1.el8.x86_64.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.i686.rpm pipewire-alsa-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-debuginfo-0.3.6-1.el8.i686.rpm pipewire-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-debugsource-0.3.6-1.el8.i686.rpm pipewire-debugsource-0.3.6-1.el8.x86_64.rpm pipewire-devel-0.3.6-1.el8.i686.rpm pipewire-devel-0.3.6-1.el8.x86_64.rpm pipewire-doc-0.3.6-1.el8.x86_64.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.i686.rpm pipewire-gstreamer-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-libs-0.3.6-1.el8.i686.rpm pipewire-libs-0.3.6-1.el8.x86_64.rpm pipewire-libs-debuginfo-0.3.6-1.el8.i686.rpm pipewire-libs-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire-utils-0.3.6-1.el8.x86_64.rpm pipewire-utils-debuginfo-0.3.6-1.el8.i686.rpm pipewire-utils-debuginfo-0.3.6-1.el8.x86_64.rpm pipewire0.2-debugsource-0.2.7-6.el8.i686.rpm pipewire0.2-debugsource-0.2.7-6.el8.x86_64.rpm pipewire0.2-devel-0.2.7-6.el8.i686.rpm pipewire0.2-devel-0.2.7-6.el8.x86_64.rpm pipewire0.2-libs-0.2.7-6.el8.i686.rpm pipewire0.2-libs-0.2.7-6.el8.x86_64.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.i686.rpm pipewire0.2-libs-debuginfo-0.2.7-6.el8.x86_64.rpm potrace-1.15-3.el8.i686.rpm potrace-1.15-3.el8.x86_64.rpm potrace-debuginfo-1.15-3.el8.i686.rpm potrace-debuginfo-1.15-3.el8.x86_64.rpm potrace-debugsource-1.15-3.el8.i686.rpm potrace-debugsource-1.15-3.el8.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el8.i686.rpm pygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm pygobject3-debugsource-3.28.3-2.el8.i686.rpm pygobject3-debugsource-3.28.3-2.el8.x86_64.rpm python3-gobject-3.28.3-2.el8.i686.rpm python3-gobject-3.28.3-2.el8.x86_64.rpm python3-gobject-base-3.28.3-2.el8.i686.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.i686.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm python3-gobject-debuginfo-3.28.3-2.el8.i686.rpm python3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm tracker-2.1.5-2.el8.i686.rpm tracker-2.1.5-2.el8.x86_64.rpm tracker-debuginfo-2.1.5-2.el8.i686.rpm tracker-debuginfo-2.1.5-2.el8.x86_64.rpm tracker-debugsource-2.1.5-2.el8.i686.rpm tracker-debugsource-2.1.5-2.el8.x86_64.rpm vte-profile-0.52.4-2.el8.x86_64.rpm vte291-0.52.4-2.el8.i686.rpm vte291-0.52.4-2.el8.x86_64.rpm vte291-debuginfo-0.52.4-2.el8.i686.rpm vte291-debuginfo-0.52.4-2.el8.x86_64.rpm vte291-debugsource-0.52.4-2.el8.i686.rpm vte291-debugsource-0.52.4-2.el8.x86_64.rpm vte291-devel-debuginfo-0.52.4-2.el8.i686.rpm vte291-devel-debuginfo-0.52.4-2.el8.x86_64.rpm webkit2gtk3-2.28.4-1.el8.i686.rpm webkit2gtk3-2.28.4-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-debuginfo-2.28.4-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.28.4-1.el8.i686.rpm webkit2gtk3-debugsource-2.28.4-1.el8.x86_64.rpm webkit2gtk3-devel-2.28.4-1.el8.i686.rpm webkit2gtk3-devel-2.28.4-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.28.4-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.28.4-1.el8.x86_64.rpm webrtc-audio-processing-0.3-9.el8.i686.rpm webrtc-audio-processing-0.3-9.el8.x86_64.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.i686.rpm webrtc-audio-processing-debuginfo-0.3-9.el8.x86_64.rpm webrtc-audio-processing-debugsource-0.3-9.el8.i686.rpm webrtc-audio-processing-debugsource-0.3-9.el8.x86_64.rpm xdg-desktop-portal-1.6.0-2.el8.x86_64.rpm xdg-desktop-portal-debuginfo-1.6.0-2.el8.x86_64.rpm xdg-desktop-portal-debugsource-1.6.0-2.el8.x86_64.rpm xdg-desktop-portal-gtk-1.6.0-1.el8.x86_64.rpm xdg-desktop-portal-gtk-debuginfo-1.6.0-1.el8.x86_64.rpm xdg-desktop-portal-gtk-debugsource-1.6.0-1.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: gsettings-desktop-schemas-3.32.0-5.el8.src.rpm libsoup-2.62.3-2.el8.src.rpm pygobject3-3.28.3-2.el8.src.rpm aarch64: gsettings-desktop-schemas-3.32.0-5.el8.aarch64.rpm libsoup-2.62.3-2.el8.aarch64.rpm libsoup-debuginfo-2.62.3-2.el8.aarch64.rpm libsoup-debugsource-2.62.3-2.el8.aarch64.rpm pygobject3-debuginfo-3.28.3-2.el8.aarch64.rpm pygobject3-debugsource-3.28.3-2.el8.aarch64.rpm python3-gobject-base-3.28.3-2.el8.aarch64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.aarch64.rpm python3-gobject-debuginfo-3.28.3-2.el8.aarch64.rpm ppc64le: gsettings-desktop-schemas-3.32.0-5.el8.ppc64le.rpm libsoup-2.62.3-2.el8.ppc64le.rpm libsoup-debuginfo-2.62.3-2.el8.ppc64le.rpm libsoup-debugsource-2.62.3-2.el8.ppc64le.rpm pygobject3-debuginfo-3.28.3-2.el8.ppc64le.rpm pygobject3-debugsource-3.28.3-2.el8.ppc64le.rpm python3-gobject-base-3.28.3-2.el8.ppc64le.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.ppc64le.rpm python3-gobject-debuginfo-3.28.3-2.el8.ppc64le.rpm s390x: gsettings-desktop-schemas-3.32.0-5.el8.s390x.rpm libsoup-2.62.3-2.el8.s390x.rpm libsoup-debuginfo-2.62.3-2.el8.s390x.rpm libsoup-debugsource-2.62.3-2.el8.s390x.rpm pygobject3-debuginfo-3.28.3-2.el8.s390x.rpm pygobject3-debugsource-3.28.3-2.el8.s390x.rpm python3-gobject-base-3.28.3-2.el8.s390x.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.s390x.rpm python3-gobject-debuginfo-3.28.3-2.el8.s390x.rpm x86_64: gsettings-desktop-schemas-3.32.0-5.el8.x86_64.rpm libsoup-2.62.3-2.el8.i686.rpm libsoup-2.62.3-2.el8.x86_64.rpm libsoup-debuginfo-2.62.3-2.el8.i686.rpm libsoup-debuginfo-2.62.3-2.el8.x86_64.rpm libsoup-debugsource-2.62.3-2.el8.i686.rpm libsoup-debugsource-2.62.3-2.el8.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el8.x86_64.rpm pygobject3-debugsource-3.28.3-2.el8.x86_64.rpm python3-gobject-base-3.28.3-2.el8.x86_64.rpm python3-gobject-base-debuginfo-3.28.3-2.el8.x86_64.rpm python3-gobject-debuginfo-3.28.3-2.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 15, 2020 Bugs: #699156, #706374, #709612 ID: 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4" References ========== [ 1 ] CVE-2019-8625 https://nvd.nist.gov/vuln/detail/CVE-2019-8625 [ 2 ] CVE-2019-8674 https://nvd.nist.gov/vuln/detail/CVE-2019-8674 [ 3 ] CVE-2019-8707 https://nvd.nist.gov/vuln/detail/CVE-2019-8707 [ 4 ] CVE-2019-8710 https://nvd.nist.gov/vuln/detail/CVE-2019-8710 [ 5 ] CVE-2019-8719 https://nvd.nist.gov/vuln/detail/CVE-2019-8719 [ 6 ] CVE-2019-8720 https://nvd.nist.gov/vuln/detail/CVE-2019-8720 [ 7 ] CVE-2019-8726 https://nvd.nist.gov/vuln/detail/CVE-2019-8726 [ 8 ] CVE-2019-8733 https://nvd.nist.gov/vuln/detail/CVE-2019-8733 [ 9 ] CVE-2019-8735 https://nvd.nist.gov/vuln/detail/CVE-2019-8735 [ 10 ] CVE-2019-8743 https://nvd.nist.gov/vuln/detail/CVE-2019-8743 [ 11 ] CVE-2019-8763 https://nvd.nist.gov/vuln/detail/CVE-2019-8763 [ 12 ] CVE-2019-8764 https://nvd.nist.gov/vuln/detail/CVE-2019-8764 [ 13 ] CVE-2019-8765 https://nvd.nist.gov/vuln/detail/CVE-2019-8765 [ 14 ] CVE-2019-8766 https://nvd.nist.gov/vuln/detail/CVE-2019-8766 [ 15 ] CVE-2019-8768 https://nvd.nist.gov/vuln/detail/CVE-2019-8768 [ 16 ] CVE-2019-8769 https://nvd.nist.gov/vuln/detail/CVE-2019-8769 [ 17 ] CVE-2019-8771 https://nvd.nist.gov/vuln/detail/CVE-2019-8771 [ 18 ] CVE-2019-8782 https://nvd.nist.gov/vuln/detail/CVE-2019-8782 [ 19 ] CVE-2019-8783 https://nvd.nist.gov/vuln/detail/CVE-2019-8783 [ 20 ] CVE-2019-8808 https://nvd.nist.gov/vuln/detail/CVE-2019-8808 [ 21 ] CVE-2019-8811 https://nvd.nist.gov/vuln/detail/CVE-2019-8811 [ 22 ] CVE-2019-8812 https://nvd.nist.gov/vuln/detail/CVE-2019-8812 [ 23 ] CVE-2019-8813 https://nvd.nist.gov/vuln/detail/CVE-2019-8813 [ 24 ] CVE-2019-8814 https://nvd.nist.gov/vuln/detail/CVE-2019-8814 [ 25 ] CVE-2019-8815 https://nvd.nist.gov/vuln/detail/CVE-2019-8815 [ 26 ] CVE-2019-8816 https://nvd.nist.gov/vuln/detail/CVE-2019-8816 [ 27 ] CVE-2019-8819 https://nvd.nist.gov/vuln/detail/CVE-2019-8819 [ 28 ] CVE-2019-8820 https://nvd.nist.gov/vuln/detail/CVE-2019-8820 [ 29 ] CVE-2019-8821 https://nvd.nist.gov/vuln/detail/CVE-2019-8821 [ 30 ] CVE-2019-8822 https://nvd.nist.gov/vuln/detail/CVE-2019-8822 [ 31 ] CVE-2019-8823 https://nvd.nist.gov/vuln/detail/CVE-2019-8823 [ 32 ] CVE-2019-8835 https://nvd.nist.gov/vuln/detail/CVE-2019-8835 [ 33 ] CVE-2019-8844 https://nvd.nist.gov/vuln/detail/CVE-2019-8844 [ 34 ] CVE-2019-8846 https://nvd.nist.gov/vuln/detail/CVE-2019-8846 [ 35 ] CVE-2020-3862 https://nvd.nist.gov/vuln/detail/CVE-2020-3862 [ 36 ] CVE-2020-3864 https://nvd.nist.gov/vuln/detail/CVE-2020-3864 [ 37 ] CVE-2020-3865 https://nvd.nist.gov/vuln/detail/CVE-2020-3865 [ 38 ] CVE-2020-3867 https://nvd.nist.gov/vuln/detail/CVE-2020-3867 [ 39 ] CVE-2020-3868 https://nvd.nist.gov/vuln/detail/CVE-2020-3868 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 |
| var-200609-1027 | Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation (PADI) packets. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Both local and remote vulnerabilities are present |
| var-201904-1408 | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that comes with the default browser on MacOSX and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0" References ========== [ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201812-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Auto Unlock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4356: an anonymous researcher CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad Grand Central Dispatch Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018 IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad IOUserEthernet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 mDNSOffloadUserClient Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018 MediaRemote Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018 Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: Utku Altinkaynak Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Symptom Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4345: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition APFS We would like to acknowledge Umang Raghuvanshi for their assistance. Assets We would like to acknowledge Brandon Azad for their assistance. configd We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. CoreSymbolication We would like to acknowledge Brandon Azad for their assistance. Exchange ActiveSync We would like to acknowledge Jesse Thompson of University of Wisconsin-Madison for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their assistance. MediaRemote We would like to acknowledge Brandon Azad for their assistance. Safari We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA// ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL 8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7 d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4= =dGPm -----END PGP SIGNATURE----- . Installation note: Safari 12 may be obtained from the Mac App Store. ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 ------------------------------------------------------------------------ Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore. CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit. CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. The issue was addressed by removing origin information. CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements. CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, September 26, 2018 |
| var-202201-0372 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability is caused by a boundary error in the lookup in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.3.8 General Availability release images, which provide security and container updates. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) Bug fix: * RHACM 2.3.8 images (Bugzilla #2062316) 3. Bugs fixed (https://bugzilla.redhat.com/): 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images 5. Description: Expat is a C library for parsing XML documents. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: xmlrpc-c security update Advisory ID: RHSA-2022:7692-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7692 Issue date: 2022-11-08 CVE Names: CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 ==================================================================== 1. Summary: An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: xmlrpc-c-1.51.0-8.el8.src.rpm aarch64: xmlrpc-c-1.51.0-8.el8.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm ppc64le: xmlrpc-c-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm s390x: xmlrpc-c-1.51.0-8.el8.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm x86_64: xmlrpc-c-1.51.0-8.el8.i686.rpm xmlrpc-c-1.51.0-8.el8.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-1.51.0-8.el8.i686.rpm xmlrpc-c-client-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm s390x: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm xmlrpc-c-devel-1.51.0-8.el8.s390x.rpm x86_64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm xmlrpc-c-devel-1.51.0-8.el8.i686.rpm xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5 Vot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG LF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5 K/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU JOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8 0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd IlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ XaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI nv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y qKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7 uOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S ZzcPNNMPHw0=wFwS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce |
| var-200612-0136 | Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. NetBSD ftpd and tnftpd are prone to a remote buffer-overflow vulnerability. This issue is due to an off-by-one error; it allows attackers to corrupt memory. Remote attackers may execute arbitrary machine code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Gentoo update for mit-krb5 SECUNIA ADVISORY ID: SA23903 VERIFY ADVISORY: http://secunia.com/advisories/23903/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for krb5. This fixes some vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA23690 SA23696 SOLUTION: Update to "app-crypt/mit-krb5-1.5.2" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml OTHER REFERENCES: SA23690: http://secunia.com/advisories/23690/ SA235696: http://secunia.com/advisories/23696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- |
| var-201609-0593 | Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2016-6304) * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736) * It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-8610) * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) * A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery 6. JIRA issues fixed (https://issues.jboss.org/): JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7 7. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. (CVE-2016-2178) * It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181) * An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182) * A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default. * An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302) * Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177) * An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update). Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code. CVE-2016-2179 / CVE-2016-2181 Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS. For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4. For the unstable distribution (sid), these problems will be fixed soon. The JBoss server process must be restarted for the update to take effect. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016 openssl regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38 After a standard system update you need to reboot your computer to make all the necessary changes. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support. OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. SSL_peek() hang on empty record (CVE-2016-6305) =============================================== Severity: Moderate OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack. OpenSSL 1.1.0 users should upgrade to 1.1.0a This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team. SWEET32 Mitigation (CVE-2016-2183) ================================== Severity: Low SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team. OOB write in MDC2_Update() (CVE-2016-6303) ========================================== Severity: Low An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Malformed SHA512 ticket DoS (CVE-2016-6302) =========================================== Severity: Low If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. OOB write in BN_bn2dec() (CVE-2016-2182) ======================================== Severity: Low The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. OOB read in TS_OBJ_print_bio() (CVE-2016-2180) ============================================== Severity: Low The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Pointer arithmetic undefined behaviour (CVE-2016-2177) ====================================================== Severity: Low Avoid some undefined pointer arithmetic A common idiom in the codebase is to check limits in the following manner: "p + len > limit" Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE "len" here could be from some externally supplied data (e.g. from a TLS message). The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour. For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. Constant time flag not preserved in DSA signing (CVE-2016-2178) =============================================================== Severity: Low Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida. DTLS buffered message DoS (CVE-2016-2179) ========================================= Severity: Low In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion. OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team. DTLS replay protection DoS (CVE-2016-2181) ========================================== Severity: Low A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection. OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team. Certificate message OOB reads (CVE-2016-6306) ============================================= Severity: Low In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication. OpenSSL 1.1.0 is not affected. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) ========================================================================== Severity: Low A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if: 1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests. Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service. This issue does not affect DTLS users. OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) ============================================================================= Severity: Low This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS. A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if: 1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests. Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service. This issue does not affect TLS users. OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html |
| var-201304-0375 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the sun.awt.image.ImageRepresentation.setICMpixels' native function. The issue lies in the handling of the scanlineStride argument, which is not properly validated before being used. By manipulating the function's arguments an attacker can force an integer overflow to occur before indexing into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Oracle Java SE is prone to an integer-overflow vulnerability in Java Runtime Environment. This vulnerability affects the following supported versions: 7 Update 17 , 6 Update 43 , 5.0 Update 41. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03898880 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03898880 Version: 1 HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-08-19 Last Updated: 2013-08-16 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v5.0.28 and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-0401 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1491 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1500 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 CVE-2013-1518 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1537 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1569 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1571 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2383 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2384 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2394 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2417 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2419 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2420 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2424 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2429 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2430 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2432 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2433 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2439 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2013-2444 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2445 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2013-2446 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2447 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2450 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2452 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2454 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-2455 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2456 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2457 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-2459 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2463 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2464 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2470 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2471 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2472 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-3743 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/go/java HP-UX Version HPJava Version B.11.11, B.11.23, B.11.31 JDK / JRE v5.0.29 or subsequent MANUAL ACTIONS: Yes - Update For Java v5.0 update to Java v5.0.29 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS action: install revision 1.5.0.29.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.29.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 19 August 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ========================================================================== Ubuntu Security Notice USN-1806-1 April 23, 2013 openjdk-7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 Summary: Several security issues were fixed in OpenJDK 7. Software Description: - openjdk-7: Open Source Java implementation Details: Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0401) James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436) Two vulnerabilities were discovered in the OpenJDK JRE related to confidentiality. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2415, CVE-2013-2424) Two vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2417, CVE-2013-2419) A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2013-2423) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-jamvm 7u21-2.3.9-0ubuntu0.12.10.1 openjdk-7-jre 7u21-2.3.9-0ubuntu0.12.10.1 openjdk-7-jre-headless 7u21-2.3.9-0ubuntu0.12.10.1 openjdk-7-jre-lib 7u21-2.3.9-0ubuntu0.12.10.1 openjdk-7-jre-zero 7u21-2.3.9-0ubuntu0.12.10.1 This update uses a new upstream release, which includes additional bug fixes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3 Description =========== Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All IcedTea JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3" References ========== [ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-32.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:0752-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0752.html Issue date: 2013-04-17 CVE Names: CVE-2013-0401 CVE-2013-1488 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1558 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384) Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518, CVE-2013-1557) The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. (CVE-2013-1537) Note: The fix for CVE-2013-1537 changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Refer to Red Hat Bugzilla bug 952387 for additional details. The 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption. (CVE-2013-2420) It was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform access checks and MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421, CVE-2013-2423) It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430) The JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2013-1488, CVE-2013-2426) The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-0401) Flaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine. (CVE-2013-2417, CVE-2013-2419) The MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes. (CVE-2013-2424) It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS. (CVE-2013-2415) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 920245 - CVE-2013-0401 OpenJDK: unspecified sandbox bypass (CanSecWest 2013, AWT) 920247 - CVE-2013-1488 OpenJDK: unspecified sanbox bypass (CanSecWest 2013, Libraries) 952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040) 952389 - CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542) 952398 - CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hostspot, 8009677) 952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435) 952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918) 952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667) 952550 - CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049) 952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617) 952640 - CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507) 952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857) 952645 - CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336) 952646 - CVE-2013-1518 OpenJDK: JAXP missing security restrictions (JAXP, 6657673) 952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329) 952649 - CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699) 952653 - CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063) 952656 - CVE-2013-2419 OpenJDK: font processing errors (2D, 8001031) 952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724) 952708 - CVE-2013-2383 OpenJDK: font layout and glyph table errors (2D, 8004986) 952709 - CVE-2013-2384 OpenJDK: font layout and glyph table errors (2D, 8004987) 952711 - CVE-2013-1569 OpenJDK: font layout and glyph table errors (2D, 8004994) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.src.rpm i386: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.src.rpm i386: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.i386.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.i386.rpm x86_64: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0401.html https://www.redhat.com/security/data/cve/CVE-2013-1488.html https://www.redhat.com/security/data/cve/CVE-2013-1518.html https://www.redhat.com/security/data/cve/CVE-2013-1537.html https://www.redhat.com/security/data/cve/CVE-2013-1557.html https://www.redhat.com/security/data/cve/CVE-2013-1558.html https://www.redhat.com/security/data/cve/CVE-2013-1569.html https://www.redhat.com/security/data/cve/CVE-2013-2383.html https://www.redhat.com/security/data/cve/CVE-2013-2384.html https://www.redhat.com/security/data/cve/CVE-2013-2415.html https://www.redhat.com/security/data/cve/CVE-2013-2417.html https://www.redhat.com/security/data/cve/CVE-2013-2419.html https://www.redhat.com/security/data/cve/CVE-2013-2420.html https://www.redhat.com/security/data/cve/CVE-2013-2421.html https://www.redhat.com/security/data/cve/CVE-2013-2422.html https://www.redhat.com/security/data/cve/CVE-2013-2423.html https://www.redhat.com/security/data/cve/CVE-2013-2424.html https://www.redhat.com/security/data/cve/CVE-2013-2426.html https://www.redhat.com/security/data/cve/CVE-2013-2429.html https://www.redhat.com/security/data/cve/CVE-2013-2430.html https://www.redhat.com/security/data/cve/CVE-2013-2431.html https://www.redhat.com/security/data/cve/CVE-2013-2436.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRbvJKXlSAg2UNWIIRAqUrAJ9Z/4p4Hfhem2IW/HyrENsM6alnkACeJrNj u7V5CaCh5MYZ84AllqEIm+E= =pvGZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRcSLkmqjQ0CJFipgRAsEgAJ4gHSUUcP7uDS3JIxzQZxnCLwXe1QCfTQXq o4NG1rmFdAUfR4q/O/aHdtM= =EXuM -----END PGP SIGNATURE----- |
| var-201210-0270 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. The vulnerability can be exploited over multiple protocols. This issue affects the 'Security' sub-component. This vulnerability affects the following supported versions: 7 Update 7, 6 Update 35. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java 1.6.0_35 Description: Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5086 CVE-2012-5089 CVE-2012-5979 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: 2ca7594a6f7849b502715e8473cf46ef73570da6 For OS X Lion and Mountain Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: eff777cdc39b4e3336b3477f60e8ad769ded8532 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQfZ+bAAoJEPefwLHPlZEwF+YP/iVGN+CqCkLf7SavQUwyTQ08 a6+I34hefvCQcLCQ4EBYOzDXUJIlcH2azcGnvQsrrgWgpoE6ykqyj4fkpwLM0nF1 CfcSGOV8hmC2ZtR2PgJLcaP4FDKyNoOqLtKY6KtZnUQNcKBYcdM/y3OON9Zc0F2/ m/nQGnm3RfuXYXzSmTwJVKjuR1MkhUfZ9N6cwYUfjQC6cQaRs4tjeezd1jaobeXZ lfk5Mo/kp3KTwAKsjdwqIThGX/UXdHQm9PnGfU9ktNv0429vKTX4VarPjyLsIeiO GcBjfzRKzWYrbzTyKqKRAmtC/TcTnGJ8AfOjCP6HedeelJEbHB3iBb4ugqHzcPGG ffZ9rZy8SMVppJyv3NeJJN86Kl3etdShmhj7maxyQUopDanpZQraaarkNlSYyLql I0z4/IGX6W4Y2HYI+5wRchSewZi9mU9tw1HFZaoINaPBynEC0jihbeT5P9olX7mL 1OrWyPMPeaXtD9VRaSlV1WwPojJp26XrcWFUu6gqCOWRTzL0h83hNJrQJwTW7PrT g6ryifMGItMkmOuINyniuUbz1PcOiQZ5VhtQn8XbvjX4BpGS6GJ4IAJ0rv9nSeON PGv6JcpEAdjEdsChnDTGGTyUzQSN+HU/KTd7Jngg/Bu1v96ZAqrmVzFVkZi+6dtN 8KhhmiZ54RdiudmsUgFu =TWGY -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:169 http://www.mandriva.com/security/ _______________________________________________________________________ Package : java-1.6.0-openjdk Date : November 1, 2012 Affected: 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple security issues were identified and fixed in OpenJDK (icedtea6): * S6631398, CVE-2012-3216: FilePermission improved path checking * S7093490: adjust package access in rmiregistry * S7143535, CVE-2012-5068: ScriptEngine corrected permissions * S7167656, CVE-2012-5077: Multiple Seeders are being created * S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types * S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector * S7172522, CVE-2012-5072: Improve DomainCombiner checking * S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC * S7189103, CVE-2012-5069: Executors needs to maintain state * S7189490: More improvements to DomainCombiner checking * S7189567, CVE-2012-5085: java net obselete protocol * S7192975, CVE-2012-5071: Conditional usage check is wrong * S7195194, CVE-2012-5084: Better data validation for Swing * S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved * S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance * S7198296, CVE-2012-5089: Refactor classloader usage * S7158800: Improve storage of symbol tables * S7158801: Improve VM CompileOnly option * S7158804: Improve config file parsing * S7176337: Additional changes needed for 7158801 fix * S7198606, CVE-2012-4416: Improve VM optimization The updated packages provides icedtea6-1.11.5 which is not vulnerable to these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQklqImqjQ0CJFipgRAiNOAJ4qA9L2NTdql1htD7pQDNJrDlPnUgCguupW xu3AOptE+B1OsUdPAeTUH5o= =2CFK -----END PGP SIGNATURE----- . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. (CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. Bugs fixed (http://bugzilla.redhat.com/): 829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606) 829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614) 829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617) 829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851) 829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872) 829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757) 831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) 831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) 831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment) 853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476) 853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201) 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398) 865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535) 865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884) 865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888) 865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522) 865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286) 865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194) 865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296) 865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975) 865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103) 865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919) 867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D) 867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment) 867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment) 867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX) 867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment) 867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D) 876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution 876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution 876389 - CVE-2012-4823 IBM JDK: java.lang.ClassLoder defineClass() code execution 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting) 907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound) 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066) 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446) 913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment) 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014) 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675) 920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305) 920248 - CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D) 952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040) 952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435) 952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918) 952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667) 952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617) 952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857) 952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329) 952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031) 952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724) 952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986) 952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987) 952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994) 953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install) 953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) 953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) 953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243) 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438) 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597) 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601) 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071) 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328) 975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038) 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642) 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120) 975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124) 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330) 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033) 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812) 975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318) 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) 975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703) 975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730) 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034) 975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D) 975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT) 975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03595351 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03595351 Version: 1 HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v7.0.03, v6.0.16 and v5.0.26 and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-1531 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1532 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1533 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3143 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3159 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-3216 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-4416 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5068 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-5069 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2012-5071 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5072 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5073 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5075 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5077 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-5079 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2012-5081 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-5083 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5084 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2012-5085 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 0.0 CVE-2012-5086 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5087 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5089 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 NOTE: The following apply to both v7.0.03 and v6.0.16 and earlier: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5089 NOTE: The following apply to v5.0.26 and earlier: CVE-2012-1531, CVE-2012-3143, CVE-2012-3216, CVE-2012-5069, CVE-2012-5071, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5089 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/java HP-UX B.11.23, B.11.31 JDK and JRE v7.0.04 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.17 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v5.0.27 or subsequent MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.04 or subsequent For Java v6.0 update to Java v6.0.17 or subsequent For Java v5.0 update to Java v5.0.27 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.04.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS action: install revision 1.5.0.27.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.27.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 12 December 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-1619-1 October 26, 2012 openjdk-6, openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070) Vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088) A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081) Please see the following for more information: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-cacao 7u9-2.3.3-0ubuntu1~12.10.1 icedtea-7-jre-jamvm 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-headless 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-lib 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-zero 7u9-2.3.3-0ubuntu1~12.10.1 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~12.04.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~12.04.1 Ubuntu 11.10: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.10.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.10.1 Ubuntu 11.04: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.04.1 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~10.04.2 This update uses a new upstream release, which includes additional bug fixes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.0-openjdk security update Advisory ID: RHSA-2012:1386-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1386.html Issue date: 2012-10-17 CVE Names: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089) The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416) It was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077) It was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory. (CVE-2012-3216) This update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606) 865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398) 865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535) 865350 - CVE-2012-5070 OpenJDK: EnvHelp information disclosure (JMX, 7158796) 865352 - CVE-2012-5076 OpenJDK: com.sun.org.glassfish.* not restricted packages (JAX-WS, 7163198) 865354 - CVE-2012-5077 OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656) 865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884) 865359 - CVE-2012-5074 OpenJDK: com.sun.org.glassfish.* not restricted packages (JAX-WS, 7169887) 865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888) 865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522) 865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286) 865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917) 865434 - CVE-2012-5087 OpenJDK: PropertyElementHandler insufficient access checks (Beans, 7195549) 865471 - CVE-2012-5088 OpenJDK: MethodHandle insufficient access control checks (Libraries, 7196190) 865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194) 865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296) 865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975) 865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103) 865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567) 865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm i386: java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.i686.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3216.html https://www.redhat.com/security/data/cve/CVE-2012-4416.html https://www.redhat.com/security/data/cve/CVE-2012-5068.html https://www.redhat.com/security/data/cve/CVE-2012-5069.html https://www.redhat.com/security/data/cve/CVE-2012-5070.html https://www.redhat.com/security/data/cve/CVE-2012-5071.html https://www.redhat.com/security/data/cve/CVE-2012-5072.html https://www.redhat.com/security/data/cve/CVE-2012-5073.html https://www.redhat.com/security/data/cve/CVE-2012-5074.html https://www.redhat.com/security/data/cve/CVE-2012-5075.html https://www.redhat.com/security/data/cve/CVE-2012-5076.html https://www.redhat.com/security/data/cve/CVE-2012-5077.html https://www.redhat.com/security/data/cve/CVE-2012-5079.html https://www.redhat.com/security/data/cve/CVE-2012-5081.html https://www.redhat.com/security/data/cve/CVE-2012-5084.html https://www.redhat.com/security/data/cve/CVE-2012-5085.html https://www.redhat.com/security/data/cve/CVE-2012-5086.html https://www.redhat.com/security/data/cve/CVE-2012-5087.html https://www.redhat.com/security/data/cve/CVE-2012-5088.html https://www.redhat.com/security/data/cve/CVE-2012-5089.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.3/NEWS http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQftouXlSAg2UNWIIRAu4QAJ9oluAxlU3ZC8CvezRk4Erm08HD+QCeNlqf GG07IH3dgJiG+gj47Cm1WNQ= =8X+P -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce |
| var-200603-0279 | Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. Apple has released Security Update 2006-001 to address multiple remote and local Mac OS X vulnerabilities. Apple has also released updates to address these issues. Details of the fixes are available via the PHP web site (www.php.net). PHP ships with Mac OS X but is disabled by default. automount CVE-ID: CVE-2006-0384 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Malicious network servers may cause a denial of service or arbitrary code execution Description: File servers on the local network may be able to cause Mac OS X systems to mount file systems with reserved names. This could cause the systems to become unresponsive, or possibly allow arbitrary code delivered from the file servers to run on the target system. This update addresses the issue by properly sanitizing those paths. Credit to Stephane Kardas of CERTA for reporting this issue. This could lead to privilege elevation. This update addresses the issue by anticipating a hostile environment and by creating temporary files securely. Credit to Ilja van Sprundel of Suresec LTD, vade79, and iDefense (idefense.com) for reporting this issue. FileVault CVE-ID: CVE-2006-0386 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: FileVault may permit access to files during when it is first enabled Description: User directories are mounted in an unsafe fashion when a FileVault image is created. This update secures the method in which a FileVault image is created. This update addresses the issues by correctly handling the conditions that may cause crashes. Credit to OUSPG from the University of Oulu, NISCC, and CERT-FI for coordinating and reporting this issue. LibSystem CVE-ID: CVE-2005-3706 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Attackers may cause crashes or arbitrary code execution depending upon the application Description: An attacker able to cause an application to make requests for large amounts of memory may also be able to trigger a heap buffer overflow. This could cause the targeted application to crash or execute arbitrary code. This update addresses the issue by correctly handling these memory requests. This issue does not affect systems prior to Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue. Mail CVE-ID: CVE-2006-0395 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Download Validation fails to warn about unsafe file types Description: In Mac OS X v10.4 Tiger, when an email attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not "safe". Certain techniques can be used to disguise the file's type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments. perl CVE-ID: CVE-2005-4217 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: Perl programs may fail to drop privileges Description: When a perl program running as root attempts to switch to another user ID, the operation may fail without notification to the program. This may cause a program to continue to run with root privileges, assuming they have been dropped. This can cause security issues in third-party tools. This update addresses the issue by preventing such applications from continuing if the operation fails. This issue does not affect Mac OS X v10.4 or later systems. Credit to Jason Self for reporting this issue. rsync CVE-ID: CVE-2005-3712 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Authenticated users may cause an rsync server to crash or execute arbitrary code Description: A heap-based buffer overflow may be triggered when the rsync server is used with the flag that allows extended attributes to be transferred. It may be possible for a malicious user with access to an rsync server to cause denial of service or code execution. This update addresses the problem by ensuring that the destination buffer is large enough to hold the extended attributes. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jan-Derk Bakker for reporting this issue. Safari CVE-ID: CVE-2005-4504 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a maliciously-crafted web page may result in arbitrary code execution Description: A heap-based buffer overflow in WebKit's handling of certain HTML could allow a malicious web site to cause a crash or execute arbitrary code as the user viewing the site. This update addresses the issue by preventing the condition causing the overflow. Credit to Suresec LTD for reporting this issue. Safari CVE-ID: CVE-2006-0387 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a malicious web page may cause arbitrary code execution Description: By preparing a web page including specially-crafted JavaScript, an attacker may trigger a stack buffer overflow that could lead to arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional bounds checking. An issue involving HTTP redirection can cause the browser to access a local file, bypassing certain restrictions. This update addresses the issue by preventing cross-domain HTTP redirects. Safari, LaunchServices CVE-ID: CVE-2006-0394 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a malicious web site may result in arbitrary code execution Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. Syndication CVE-ID: CVE-2006-0389 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Subscriptions to malicious RSS content can lead to cross-site scripting Description: Syndication (Safari RSS) may allow JavaScript code embedded in feeds to run within the context of the RSS reader document, allowing malicious feeds to circumvent Safari's security model. This update addresses the issue by properly removing JavaScript code from feeds. Syndication is only available in Mac OS X v10.4 and later. The following security enhancements are also included in this update: FileVault: AES-128 encrypted FileVault disk images are now created with more restrictive operating system permissions. Credit to Eric Hall of DarkArt Consulting Services for reporting this issue. iChat: A malicious application named Leap.A that attempts to propagate using iChat has been detected. Users should use caution when opening files that are obtained from the network. Further information is available via: http://docs.info.apple.com/article.html?artnum=108009 Security Update 2006-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5 The download file is named: "SecUpd2006-001Ti.dmg" Its SHA-1 digest is: 999b73a54951b4e0a7f873fecf75f92840e8b439 For Mac OS X v10.4.5 (Intel) The download file is named: "SecUpd2006-001Intel.dmg" Its SHA-1 digest is: 473f94264876fa49fa15a8b6bb4bc30956502ad5 For Mac OS X v10.3.9 The download file is named: "SecUpd2006-001Pan.dmg" Its SHA-1 digest is: b6a000d451a1b1696726ff60142fc3da08042433 For Mac OS X Server v10.3.9 The download file is named: "SecUpdSrvr2006-001Pan.dmg" Its SHA-1 digest is: 2299380d72a61eadcbd0a5c6f46c924600ff5a9c Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAYYVoHaV5ucd/HdAQJQWggApQmizj2t3+/87Fqun66/HCEkFt2YhUoe cmel0/KwJhWrk+LV+CYvixbDvKuGIjP8CWB9/s78YN93pOI5WcfyTKd07rEQYkT4 i8KPrM9QjdvgIjKd6O/VAOkzBc3DqV7KNVR2Hewa3jOigTm7Yxil9o/nZt1TLxAI 9TN0uduc13WHC8WE2N41I8MQ+VdGTX3ANZkfgR90lua4A2E1ab9kCN2qbg+E7Cus SkwsKp0qSH7bl8v0/R6c1hsYG0T1RwSWU6arAEliqzrrIbCm0Yxtgwp/CYFWC46j TQNCcppNgcr/pVPojACy8WFtQ3wEb6rJ4ZjH1C5nOem2EoCBh10WFw== =1Ww0 -----END PGP SIGNATURE----- . Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability iDefense Security Advisory 03.02.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=399 March 02, 2006 I. More information is available at the following link: http://www.apple.com/macosx/ II. III. ANALYSIS Exploitation could allow a remote attacker to overwrite a file with user-supplied contents. This can be leveraged to gain code execution on the target machine by overwriting executable files such as login scripts. IV. DETECTION iDefense has confirmed the existence of this vulnerability in MacOS X 10.4.2. V. VI. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-0391 to this issue. VIII. DISCLOSURE TIMELINE This issue was independently discovered by St\xe9phane Kardas of CERTA and reported to the vendor. 03/02/2006 Public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp Free tools, research and upcoming events http://labs.idefense.com X. LEGAL NOTICES Copyright \xa9 2006 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. The weakness is caused due to an error in the KHTMLParser when parsing certain malformed HTML documents. This can be exploited to crash an application that uses the parser via a specially crafted HTML file. In certain cases, this may cause the system to become unresponsive. Other applications that use the parser may also be affected. SOLUTION: Do not open or follow links to HTML files from non-trusted sources. PROVIDED AND/OR DISCOVERED BY: Tom Ferris ORIGINAL ADVISORY: http://security-protocols.com/advisory/sp-x22-advisory.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- |
| var-201904-1397 | An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. Apple watchOS/tvOS/iOS are prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. The iTunes Store is one of the digital media online store components with proprietary software as the interface. Attackers can exploit this vulnerability to forge password pop-up windows in the iTunes Store. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Auto Unlock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4356: an anonymous researcher CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad Grand Central Dispatch Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018 IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad IOUserEthernet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 mDNSOffloadUserClient Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018 MediaRemote Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018 Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: Utku Altinkaynak Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Symptom Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. CVE-2018-4319: John Pettitt of Google WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4345: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition APFS We would like to acknowledge Umang Raghuvanshi for their assistance. Assets We would like to acknowledge Brandon Azad for their assistance. configd We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. CoreSymbolication We would like to acknowledge Brandon Azad for their assistance. Exchange ActiveSync We would like to acknowledge Jesse Thompson of University of Wisconsin-Madison for their assistance. Feedback Assistant We would like to acknowledge Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro's Zero Day Initiative for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their assistance. MediaRemote We would like to acknowledge Brandon Azad for their assistance. Quick Look We would like to acknowledge lokihardt of Google Project Zero for their assistance. Safari We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance. Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA// ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL 8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7 d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4= =dGPm -----END PGP SIGNATURE----- |
| var-200704-0213 | load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. According to Apple information, you may be granted system privileges. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AirPortDriver module, CoreServices, Libinfo, Login Window, Natd, SMB, System Configuration, URLMount, VideoConference framework, WebDAV, and WebFoundation. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. Apple Mac OS X 10.4.9 and prior versions are vulnerable to these issues. When loading the WebDAV file system, the load_webdav program may be started without proper cleaning and mitigation, and there is a privilege escalation vulnerability. Local users can use this to create files or execute commands with system privileges. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Gentoo update for mit-krb5 SECUNIA ADVISORY ID: SA23903 VERIFY ADVISORY: http://secunia.com/advisories/23903/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for krb5. This fixes some vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA23690 SA23696 SOLUTION: Update to "app-crypt/mit-krb5-1.5.2" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml OTHER REFERENCES: SA23690: http://secunia.com/advisories/23690/ SA235696: http://secunia.com/advisories/23696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- |
| var-201711-0480 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0009 ------------------------------------------------------------------------ Date reported : November 10, 2017 Advisory ID : WSA-2017-0009 Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803. Several vulnerabilities were discovered in WebKitGTK+. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, November 10, 2017 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: December 14, 2017 Bugs: #637076 ID: 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.3 >= 2.18.3 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3" References ========== [ 1 ] CVE-2017-13783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783 [ 2 ] CVE-2017-13784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784 [ 3 ] CVE-2017-13785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785 [ 4 ] CVE-2017-13788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788 [ 5 ] CVE-2017-13791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791 [ 6 ] CVE-2017-13792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792 [ 7 ] CVE-2017-13793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793 [ 8 ] CVE-2017-13794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794 [ 9 ] CVE-2017-13795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795 [ 10 ] CVE-2017-13796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796 [ 11 ] CVE-2017-13798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798 [ 12 ] CVE-2017-13802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802 [ 13 ] CVE-2017-13803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201712-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================================== Ubuntu Security Notice USN-3481-1 November 16, 2017 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1 Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3481-1 CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1 --cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-1 iOS 11.1 iOS 11.1 is now available and addresses the following: CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Description: A denial of service issue was addressed through improved memory handling. CVE-2017-13849: Ro of SavSec Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13799: an anonymous researcher Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. CVE-2017-13844: Miguel Alvarado of iDeviceHelp INC Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2017-13805: Yiğit Can YILMAZ (@yilmazcanyigit) StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious zip file may be able modify restricted areas of the file system Description: A path handling issue was addressed with improved validation. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Characters in a secure text field might be revealed Description: The characters in a secure text field were revealed during focus change events. This issue was addressed through improved state management. CVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of Tech Mahindra, Ricardo Sampayo of Bemo Ltd WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7opHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbQiw// bEkSQWlXTfpJ/9F2VKbMv+++td8sXozC3ICj9Ho+zhctxNY3MvIqXY8B4MrWB5+e wgz1X/EQSCMItE2u20uISfApls/8/pBde6kKnca9rPGr7I2BKsuHTfCT3taSkhoj EWMHEb64Se0hSiWKj99HJ80It9bDGSHz1cofpYDCNSMFBCiGWF2EbMgxUa55T5Vx BtWZ91y2oU6gTsu4ZSR5NXG+Hi/vFYDnAFSr2/5Dgud4fl0tYk1KZ725g2YvXT7S E3qV6shwcQtpf5ixm4G2cYalfiAmkYYjA/q2sgLClHDVXaPzahTS9ScMygKo4BsZ RDboCM0q0ywPl+xnNJFuq2ZpZAfMefuXpcjTSxBDoNXliphzH2YOjk5YtHV47S+x E8+b/bGDvBiKXJFo+yotJ07er0XtFPxfJKwgaYAi8VAfEXZrIv0uDQfYIZieMIRz VznZvlaKXpA1Ms3R3rY2ukI9gdyPD0wk7r8zAGD0eTdl8E0bMI89UaSMWqDGf1Jm 9AWKOB7na2ElWNHeEMUAhReOL4jHqu/FLkRuoYVAiYKYUDWJGDlD79Yz8bTqnwtu AWHqstzzcUVg1HXcwR5ngUDGFFOU2vVkqZRK6uwzCRzd/a7QQ/Lu+86GkfxPUB+p 9rtwIDGcTg0795ylrx8NLY/3BD8xcBMhfcZbpX5TF8s= =qJV/ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ |
| var-200102-0030 | The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary January 1, 2001 Volume 6 Number 2 The following computer security issues have been publicly reported and documented in the X-Force Vulnerability and Threat Database (http://xforce.iss.net). This document is available at http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert Summaries: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: - - 'subscribe alert' (without the quotes). _____ Contents 115 Reported Vulnerabilities Risk Factor Key _____ Date Reported: 12/31/00 Vulnerability: exmh-error-symlink Platforms Affected: exmh 2.2 and earlier Risk Factor: High Attack Type: Host Based Brief Description: exmh error message symlink X-Force URL: http://xforce.iss.net/static/5829.php _____ Date Reported: 12/30/00 Vulnerability: informix-webdriver-symlink Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Host Based Brief Description: Informix Webdriver symbolic link X-Force URL: http://xforce.iss.net/static/5827.php _____ Date Reported: 12/30/00 Vulnerability: informix-webdriver-admin-access Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Network Based Brief Description: Informix Webdriver remote Admin access X-Force URL: http://xforce.iss.net/static/5833.php _____ Date Reported: 12/29/00 Vulnerability: zonealarm-mutex-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial of service X-Force URL: http://xforce.iss.net/static/5821.php _____ Date Reported: 12/29/00 Vulnerability: zonealarm-batfile-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with a batch file X-Force URL: http://xforce.iss.net/static/5822.php _____ Date Reported: 12/29/00 Vulnerability: shockwave-flash-swf-bo Platforms Affected: Shockwave Plugin 8.0 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Shockwave Flash SWF file buffer overflow X-Force URL: http://xforce.iss.net/static/5826.php _____ Date Reported: 12/29/00 Vulnerability: macos-multiple-users Platforms Affected: MacOS 9.0 Risk Factor: High Attack Type: Host Based Brief Description: Mac OS 'Multiple Users' bypass password X-Force URL: http://xforce.iss.net/static/5830.php _____ Date Reported: 12/28/00 Vulnerability: http-cgi-ikonboard Platforms Affected: Ikonboard 2.1.7b and prior Risk Factor: High Attack Type: Host Based Brief Description: Ikonboard allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5819.php _____ Date Reported: 12/27/00 Vulnerability: http-cgi-technote-main Platforms Affected: TECH-NOTE (000, 2001, Pro) Risk Factor: High Attack Type: Network Based Brief Description: TECH-NOTE main.cgi reveals files X-Force URL: http://xforce.iss.net/static/5813.php _____ Date Reported: 12/26/00 Vulnerability: xwindows-char-dos Platforms Affected: XFree86 Risk Factor: Low Attack Type: Network/Host Based Brief Description: X Windows multiple character denial of service X-Force URL: http://xforce.iss.net/static/5834.php _____ Date Reported: 12/25/00 Vulnerability: 1stup-mail-server-bo Platforms Affected: 1st Up Mail Server 4.1 Risk Factor: Medium Attack Type: Network Based Brief Description: 1st Up Mail Server buffer overflow X-Force URL: http://xforce.iss.net/static/5808.php _____ Date Reported: 12/25/00 Vulnerability: dialog-symlink Platforms Affected: Linux Debian 2.2 Risk Factor: High Attack Type: Host Based Brief Description: Linux dialog package symlink attack X-Force URL: http://xforce.iss.net/static/5809.php _____ Date Reported: 12/25/00 Vulnerability: ibm-wcs-admin Platforms Affected: IBM Websphere Commerce Suite Risk Factor: High Attack Type: Host Based Brief Description: IBM WCS admin.config allows user to execute arbitrary commands X-Force URL: http://xforce.iss.net/static/5831.php _____ Date Reported: 12/23/00 Vulnerability: http-cgi-technote-print Platforms Affected: TECH-NOTE (2000, 2001, Pro) Risk Factor: Medium Attack Type: Network Based Brief Description: TECH-NOTE print.cgi reveals files X-Force URL: http://xforce.iss.net/static/5815.php _____ Date Reported: 12/22/00 Vulnerability: iis-web-form-submit Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IIS Web form submission X-Force URL: http://xforce.iss.net/static/5823.php _____ Date Reported: 12/21/00 Vulnerability: hpux-kermit-bo Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00) Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX kermit buffer overflow X-Force URL: http://xforce.iss.net/static/5793.php _____ Date Reported: 12/21/00 Vulnerability: bsguest-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bsguest.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5796.php _____ Date Reported: 12/21/00 Vulnerability: bslist-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bslist.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5797.php _____ Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php _____ Date Reported: 12/21/00 Vulnerability: oracle-execute-plsql Platforms Affected: Oracle Application Server Risk Factor: Medium Attack Type: Network Based Brief Description: Oracle remote procedure execution X-Force URL: http://xforce.iss.net/static/5817.php _____ Date Reported: 12/21/00 Vulnerability: ksh-redirection-symlink Platforms Affected: IRIX (6.2, 6.5.x) Solaris (2.5.1, 2.6, 7) HPUX 9.00 Digital Unix 5.0 Risk Factor: High Attack Type: Host Based Brief Description: ksh redirection symlink attack X-Force URL: http://xforce.iss.net/static/5811.php _____ Date Reported: 12/21/00 Vulnerability: oracle-webdb-admin-access Platforms Affected: Oracle Internet Application Server 3.0.7 Risk Factor: High Attack Type: Network/Host Based Brief Description: Oracle IAS allows administrative access X-Force URL: http://xforce.iss.net/static/5818.php _____ Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Web Scan Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php _____ Date Reported: 12/20/00 Vulnerability: gnupg-detached-sig-modify Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG allows users to modify signed messages with detached signatures X-Force URL: http://xforce.iss.net/static/5802.php _____ Date Reported: 12/20/00 Vulnerability: gnupg-reveal-private Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG will import private keys along with public keys X-Force URL: http://xforce.iss.net/static/5803.php _____ Date Reported: 12/20/00 Vulnerability: zonealarm-nmap-scans Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm does not detect NMAP scans X-Force URL: http://xforce.iss.net/static/5799.php _____ Date Reported: 12/20/00 Vulnerability: zonealarm-open-shares Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm open shares X-Force URL: http://xforce.iss.net/static/5825.php _____ Date Reported: 12/19/00 Vulnerability: win2k-index-service-activex Platforms Affected: Windows 2000 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Windows 2000 Index Service ActiveX controls allow unauthorized access to file information X-Force URL: http://xforce.iss.net/static/5800.php _____ Date Reported: 12/19/00 Vulnerability: proftpd-size-memory-leak Platforms Affected: Proftpd Risk Factor: Low Attack Type: Network/Host Based Brief Description: proftpd memory leak when using SIZE command X-Force URL: http://xforce.iss.net/static/5801.php _____ Date Reported: 12/19/00 Vulnerability: weblogic-dot-bo Platforms Affected: WebLogic Risk Factor: Medium Attack Type: Network Based Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow X-Force URL: http://xforce.iss.net/static/5782.php _____ Date Reported: 12/19/00 Vulnerability: mdaemon-imap-dos Platforms Affected: MDaemon Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MDaemon IMAP buffer overflow denial of service X-Force URL: http://xforce.iss.net/static/5805.php _____ Date Reported: 12/19/00 Vulnerability: zope-calculate-roles Platforms Affected: Zp[e Risk Factor: High Attack Type: Host Based Brief Description: zope package in Linux calculates local roles incorrectly X-Force URL: http://xforce.iss.net/static/5777.php _____ Date Reported: 12/19/00 Vulnerability: itetris-svgalib-path Platforms Affected: svgalib Risk Factor: High Attack Type: Host Based Brief Description: Itetris svgalib PATH X-Force URL: http://xforce.iss.net/static/5795.php _____ Date Reported: 12/18/00 Vulnerability: bsd-ftpd-replydirname-bo Platforms Affected: BSD Based Operating Systems Risk Factor: High Attack Type: Network Based Brief Description: BSD ftpd replydirname() function buffer overflow X-Force URL: http://xforce.iss.net/static/5776.php _____ Date Reported: 12/18/00 Vulnerability: sonata-command-execute Platforms Affected: Sonata Risk Factor: High Attack Type: Host Based Brief Description: Sonata argument command line execution X-Force URL: http://xforce.iss.net/static/5787.php _____ Date Reported: 12/18/00 Vulnerability: solaris-catman-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris catman command symlink attack X-Force URL: http://xforce.iss.net/static/5788.php _____ Date Reported: 12/18/00 Vulnerability: solaris-patchadd-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris patchadd symlink attack X-Force URL: http://xforce.iss.net/static/5789.php _____ Date Reported: 12/18/00 Vulnerability: stunnel-format-logfile Platforms Affected: Stunnel Risk Factor: High Attack Type: Network Based Brief Description: Stunnel format allows user to write to logfile X-Force URL: http://xforce.iss.net/static/5807.php _____ Date Reported: 12/17/00 Vulnerability: hp-top-sys-files Platforms Affected: HPUX Risk Factor: Low Attack Type: Host Based Brief Description: HP-UX top command could be used to overwrite files X-Force URL: http://xforce.iss.net/static/5773.php _____ Date Reported: 12/16/00 Vulnerability: zope-legacy-names Platforms Affected: Zope Risk Factor: Medium Attack Type: Network Based Brief Description: Linux zope package "legacy" names X-Force URL: http://xforce.iss.net/static/5824.php _____ Date Reported: 12/15/00 Vulnerability: mrj-runtime-malicious-applets Platforms Affected: MRJ Risk Factor: Low Attack Type: Host Based Brief Description: MRJ runtime environment could allow malicious applets to be executed X-Force URL: http://xforce.iss.net/static/5784.php _____ Date Reported: 12/14/00 Vulnerability: coffeecup-ftp-weak-encryption Platforms Affected: CoffeeCup FTP Risk Factor: Low Attack Type: Host Based Brief Description: CoffeeCup FTP client has weak password encryption X-Force URL: http://xforce.iss.net/static/5744.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-fragmented-packets Platforms Affected: WatchGuard Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall fragmented IP packet attack X-Force URL: http://xforce.iss.net/static/5749.php _____ Date Reported: 12/14/00 Vulnerability: jpilot-perms Platforms Affected: J-Pilot Risk Factor: Medium Attack Type: Host Based Brief Description: J-Pilot permissions could reveal sensitive information X-Force URL: http://xforce.iss.net/static/5762.php _____ Date Reported: 12/14/00 Vulnerability: mediaservices-dropped-connection-dos Platforms Affected: Microsoft Media Services Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft Media Services dropped connection denial of service X-Force URL: http://xforce.iss.net/static/5785.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-web-auth Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO Web config server could allow unauthenticated access X-Force URL: http://xforce.iss.net/static/5554.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-passcfg-reset Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO administrator password can be remotely reset X-Force URL: http://xforce.iss.net/static/5742.php _____ Date Reported: 12/14/00 Vulnerability: http-cgi-simplestguest Platforms Affected: simplestguest.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestguest.cgi input validation error X-Force URL: http://xforce.iss.net/static/5743.php _____ Date Reported: 12/14/00 Vulnerability: safeword-palm-pin-extraction Platforms Affected: SafeWord e.iD Palm Authenticator Risk Factor: High Attack Type: Network/Host Based Brief Description: SafeWord and e.iD Palm Authenticator allows attacker to clone Palm device X-Force URL: http://xforce.iss.net/static/5753.php _____ Date Reported: 12/14/00 Vulnerability: mdaemon-lock-bypass-password Platforms Affected: MDaemon Risk Factor: High Attack Type: Host Based Brief Description: MDaemon "lock" bypass password X-Force URL: http://xforce.iss.net/static/5763.php _____ Date Reported: 12/13/00 Vulnerability: cisco-catalyst-ssh-mismatch Platforms Affected: Cisco Catalyst Risk Factor: Low Attack Type: Network Based Brief Description: Cisco Catalyst SSH protocol mismatch X-Force URL: http://xforce.iss.net/static/5760.php _____ Date Reported: 12/13/00 Vulnerability: microsoft-iis-file-disclosure Platforms Affected: IIS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft IIS Far East editions file disclosure X-Force URL: http://xforce.iss.net/static/5729.php _____ Date Reported: 12/13/00 Vulnerability: ezshopper-cgi-file-disclosure Platforms Affected: loadpage.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: EZshopper loadpage.cgi file disclosure X-Force URL: http://xforce.iss.net/static/5740.php _____ Date Reported: 12/13/00 Vulnerability: winnt-mstask-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows NT MSTask.exe denial of service X-Force URL: http://xforce.iss.net/static/5746.php _____ Date Reported: 12/13/00 Vulnerability: bftpd-site-chown-bo Platforms Affected: BFTPD Risk Factor: High Attack Type: Network Based Brief Description: BFTPD SITE CHOWN buffer overflow X-Force URL: http://xforce.iss.net/static/5775.php _____ Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php _____ Date Reported: 12/12/00 Vulnerability: subscribemelite-gain-admin-access Platforms Affected: Subscribe Me Lite Risk Factor: Medium Attack Type: Network Based Brief Description: Subscribe Me Lite mailing list manager unauthorized access X-Force URL: http://xforce.iss.net/static/5735.php _____ Date Reported: 12/12/00 Vulnerability: zope-image-file Platforms Affected: Zope Risk Factor: Medium Attack Type: Host Based Brief Description: Linux zope package Image and File objects X-Force URL: http://xforce.iss.net/static/5778.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-everythingform Platforms Affected: everythingform.cgi Risk Factor: High Attack Type: Network Based Brief Description: everythingform.cgi input validation error X-Force URL: http://xforce.iss.net/static/5736.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-simplestmail Platforms Affected: simplestmail.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestmail.cgi input validation error X-Force URL: http://xforce.iss.net/static/5739.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-ad Platforms Affected: ad.cgi Risk Factor: High Attack Type: Network Based Brief Description: ad.cgi input validation error X-Force URL: http://xforce.iss.net/static/5741.php _____ Date Reported: 12/12/00 Vulnerability: kde-kmail-weak-encryption Platforms Affected: KDE KMail Risk Factor: High Attack Type: Network/Host Based Brief Description: KDE KMail weak password encryption X-Force URL: http://xforce.iss.net/static/5761.php _____ Date Reported: 12/12/00 Vulnerability: aolim-buddyicon-bo Platforms Affected: AOL Instant Messenger Risk Factor: High Attack Type: Network/Host Based Brief Description: AOL Instant Messenger Buddy Icon buffer overflow X-Force URL: http://xforce.iss.net/static/5786.php _____ Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php _____ Date Reported: 12/11/00 Vulnerability: rppppoe-zero-length-dos Platforms Affected: rp-pppoe Risk Factor: Medium Attack Type: Network Based Brief Description: rp-pppoe "zero-length" option denial of service X-Force URL: http://xforce.iss.net/static/5727.php _____ Date Reported: 12/11/00 Vulnerability: proftpd-modsqlpw-unauth-access Platforms Affected: ProFTPd Risk Factor: Medium Attack Type: Network Based Brief Description: ProFTPD system using mod_sqlpw unauthorized access X-Force URL: http://xforce.iss.net/static/5737.php _____ Date Reported: 12/11/00 Vulnerability: gnu-ed-symlink Platforms Affected: GNU ed Risk Factor: High Attack Type: Host Based Brief Description: GNU ed symlink X-Force URL: http://xforce.iss.net/static/5723.php _____ Date Reported: 12/11/00 Vulnerability: oops-ftputils-bo Platforms Affected: Oops Proxy Server Risk Factor: High Attack Type: Network/Host Based Brief Description: Oops Proxy Server ftp_utils buffer overflow X-Force URL: http://xforce.iss.net/static/5725.php _____ Date Reported: 12/11/00 Vulnerability: oracle-oidldap-write-permission Platforms Affected: Oracle Internet Directory Risk Factor: High Attack Type: Host Based Brief Description: Oracle Internet Directory write permission X-Force URL: http://xforce.iss.net/static/5804.php _____ Date Reported: 12/9/00 Vulnerability: foolproof-security-bypass Platforms Affected: FoolProof Risk Factor: High Attack Type: Host Based Brief Description: FoolProof Security restriction bypass using FTP X-Force URL: http://xforce.iss.net/static/5758.php _____ Date Reported: 12/8/00 Vulnerability: broadvision-bv1to1-reveal-path Platforms Affected: BroadVision One-To-One Enterprise Server Risk Factor: Low Attack Type: Network Based Brief Description: BroadVision One-To-One Enterprise Server reveals path to server X-Force URL: http://xforce.iss.net/static/5661.php _____ Date Reported: 12/8/00 Vulnerability: ssldump-format-strings Platforms Affected: ssldump Risk Factor: Medium Attack Type: Network Based Brief Description: ssldump format string could allow arbitrary execution of code X-Force URL: http://xforce.iss.net/static/5717.php _____ Date Reported: 12/8/00 Vulnerability: coldfusion-sample-dos Platforms Affected: ColdFusion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ColdFusion sample script denial of service X-Force URL: http://xforce.iss.net/static/5755.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-arbitrary-proxy Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 arbitrary proxy enviornment variable X-Force URL: http://xforce.iss.net/static/5733.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-auth-packet-overflow Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 authentication packet buffer overflow X-Force URL: http://xforce.iss.net/static/5734.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-user-config Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 user supplied configuration files X-Force URL: http://xforce.iss.net/static/5738.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-tmpfile-dos Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 race condition X-Force URL: http://xforce.iss.net/static/5754.php _____ Date Reported: 12/7/00 Vulnerability: homeseer-directory-traversal Platforms Affected: HomeSeer Risk Factor: Low Attack Type: Network Based Brief Description: HomeSeer allows directory traversal X-Force URL: http://xforce.iss.net/static/5663.php _____ Date Reported: 12/7/00 Vulnerability: offline-explorer-reveal-files Platforms Affected: MetaProducts Offline Explorer Risk Factor: Low Attack Type: Network/Host Based Brief Description: MetaProducts Offline Explorer can reveal file system X-Force URL: http://xforce.iss.net/static/5728.php _____ Date Reported: 12/7/00 Vulnerability: imail-smtp-auth-dos Platforms Affected: IMail Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IMail SMTP auth denial of service X-Force URL: http://xforce.iss.net/static/5674.php _____ Date Reported: 12/6/00 Vulnerability: apc-apcupsd-dos Platforms Affected: APC apcupsd Risk Factor: Medium Attack Type: Host Based Brief Description: APC apcupsd denial of service X-Force URL: http://xforce.iss.net/static/5654.php _____ Date Reported: 12/6/00 Vulnerability: cisco-catalyst-telnet-dos Platforms Affected: Cisco Catalyst Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco Catalyst telnet server memory leak denial of service X-Force URL: http://xforce.iss.net/static/5656.php _____ Date Reported: 12/6/00 Vulnerability: apache-php-disclose-files Platforms Affected: Apache Web server Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Apache Web server discloses files when used with php script X-Force URL: http://xforce.iss.net/static/5659.php _____ Date Reported: 12/6/00 Vulnerability: ultraseek-reveal-path Platforms Affected: Ultraseek Risk Factor: Medium Attack Type: Network Based Brief Description: Ultraseek Server can reveal the path and source code to certain files X-Force URL: http://xforce.iss.net/static/5660.php _____ Date Reported: 12/6/00 Vulnerability: irc-dreamforge-dns-dos Platforms Affected: DreamForge IRCd Risk Factor: Medium Attack Type: Network Based Brief Description: DreamForge IRCd DNS denial of service X-Force URL: http://xforce.iss.net/static/5721.php _____ Date Reported: 12/6/00 Vulnerability: mailman-alternate-templates Platforms Affected: MailMan Risk Factor: High Attack Type: Network Based Brief Description: MailMan Alternate Templates form variable allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5649.php _____ Date Reported: 12/6/00 Vulnerability: phpgroupware-include-files Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Description: phpGroupWare include files allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5650.php _____ Date Reported: 12/6/00 Vulnerability: markvision-printer-driver-bo Platforms Affected: Lexmark MarkVision Risk Factor: High Attack Type: Host Based Brief Description: Lexmark MarkVision printer drivers for Unix buffer overflows X-Force URL: http://xforce.iss.net/static/5651.php _____ Date Reported: 12/6/00 Vulnerability: nt-ras-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Host Based Brief Description: Windows NT RAS registry permissions X-Force URL: http://xforce.iss.net/static/5671.php _____ Date Reported: 12/6/00 Vulnerability: nt-snmp-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT SNMP registry permissions X-Force URL: http://xforce.iss.net/static/5672.php _____ Date Reported: 12/6/00 Vulnerability: nt-mts-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT MTS registry permissions X-Force URL: http://xforce.iss.net/static/5673.php _____ Date Reported: 12/6/00 Vulnerability: irc-bitchx-dns-bo Platforms Affected: BitchX Risk Factor: High Attack Type: Network Based Brief Description: BitchX IRC DNS buffer overflow X-Force URL: http://xforce.iss.net/static/5701.php _____ Date Reported: 12/5/00 Vulnerability: ibm-db2-gain-access Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database can give access through default username and password X-Force URL: http://xforce.iss.net/static/5662.php _____ Date Reported: 12/5/00 Vulnerability: ibm-db2-dos Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database denial of service X-Force URL: http://xforce.iss.net/static/5664.php _____ Date Reported: 12/5/00 Vulnerability: vsu-source-routing Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain source routing X-Force URL: http://xforce.iss.net/static/5667.php _____ Date Reported: 12/5/00 Vulnerability: vsu-ip-bridging Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain bridging code X-Force URL: http://xforce.iss.net/static/5670.php _____ Date Reported: 12/5/00 Vulnerability: ftp-servu-homedir-travers Platforms Affected: Serv-U FTP Risk Factor: High Attack Type: Network/Host Based Brief Description: FTP Serv-U home directory traversal could allow access to FTProot X-Force URL: http://xforce.iss.net/static/5639.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-web-access Platforms Affected: CISCO CBOS Risk Factor: Medium Attack Type: Network Based Brief Description: Cisco CBOS Web access enabled denial of service X-Force URL: http://xforce.iss.net/static/5626.php _____ Date Reported: 12/4/00 Vulnerability: watchguard-soho-get-dos Platforms Affected: WatchGuard SOHO Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall multiple GET requests denial of service X-Force URL: http://xforce.iss.net/static/5665.php _____ Date Reported: 12/4/00 Vulnerability: phone-book-service-bo Platforms Affected: Windows 2000 Windows NT Risk Factor: High Attack Type: Network Based Brief Description: Windows NT and 2000 Phone Book service buffer overflow X-Force URL: http://xforce.iss.net/static/5623.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-syn-packets Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS SYN packets denial of service X-Force URL: http://xforce.iss.net/static/5627.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-invalid-login Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS does not log invalid logins X-Force URL: http://xforce.iss.net/static/5628.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-icmp-echo Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS large ICMP ECHO packet denial of service X-Force URL: http://xforce.iss.net/static/5629.php _____ Date Reported: 12/2/00 Vulnerability: phpweblog-bypass-authentication Platforms Affected: phpWebLog Risk Factor: High Attack Type: Host Based Brief Description: phpWebLog allows users to bypass authentication X-Force URL: http://xforce.iss.net/static/5625.php _____ Date Reported: 12/1/00 Vulnerability: linux-diskcheck-race-symlink Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux diskcheck race condition could allow a tmp file symbolic link attack X-Force URL: http://xforce.iss.net/static/5624.php _____ Date Reported: 12/1/00 Vulnerability: ie-form-file-upload Platforms Affected: Microsoft Internet Explorer Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Internet Explorer file upload form X-Force URL: http://xforce.iss.net/static/5615.php _____ Date Reported: 12/1/00 Vulnerability: mssql-xp-paraminfo-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow X-Force URL: http://xforce.iss.net/static/5622.php _____ Date Reported: 12/1/00 Vulnerability: majordomo-auth-execute-commands Platforms Affected: Majordomo Risk Factor: High Attack Type: Network Based Brief Description: Majordomo allows administrative access without password X-Force URL: http://xforce.iss.net/static/5611.php _____ Date Reported: 12/1/00 Vulnerability: ie-print-template Platforms Affected: Microsoft Internet Explorer Risk Factor: High Attack Type: Network/Host Based Brief Description: Internet Explorer print template X-Force URL: http://xforce.iss.net/static/5614.php _____ Date Reported: 12/1/00 Vulnerability: aix-piobe-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX piobe buffer overflow X-Force URL: http://xforce.iss.net/static/5616.php _____ Date Reported: 12/1/00 Vulnerability: aix-pioout-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX pioout buffer overflow X-Force URL: http://xforce.iss.net/static/5617.php _____ Date Reported: 12/1/00 Vulnerability: aix-setclock-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setclock buffer overflow X-Force URL: http://xforce.iss.net/static/5618.php _____ Date Reported: 12/1/00 Vulnerability: aix-enq-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX enq buffer overflow X-Force URL: http://xforce.iss.net/static/5619.php _____ Date Reported: 12/1/00 Vulnerability: aix-digest-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX digest buffer overflow X-Force URL: http://xforce.iss.net/static/5620.php _____ Date Reported: 12/1/00 Vulnerability: aix-setsenv-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setsenv buffer overflow X-Force URL: http://xforce.iss.net/static/5621.php Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. _____ Additional Information This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes). About Internet Security Systems (ISS) Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOmd8xjRfJiV99eG9AQHGkAQAgX36zVSxItnmE160WG5ws5c6tp0F0Sr0 LLmTWkj7iiYUNv2dKxsw0L4IxItVyilHBYDDrQtjpD76ABE1YhaU2qxlFCeNqMoL r21MXXYy0JZWfMCU+t7dk7VNtDzy/0EpbZIcBqziisvQJYgUin3viD54QK+gsYIw jbM10AXVSHw= =5U+8 -----END PGP SIGNATURE----- |
| var-202207-0381 | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. Node.js Foundation of Node.js For products from other vendors, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Node.js July 7th 2022 Security Releases: DNS rebinding in --inspect via invalid IP addresses. When an invalid IPv4 address is provided (for instance 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server, providing a vector for an attacker-controlled DNS server or a MITM who can spoof DNS responses to perform a rebinding attack and hence connect to the WebSocket debugger, allowing for arbitrary code execution. This is a bypass of CVE-2021-22884. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update Advisory ID: RHSA-2022:6389-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6389 Issue date: 2022-09-08 CVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-33987 ==================================================================== 1. Summary: An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.20.0). Security Fix(es): * nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212) * nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213) * nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214) * nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215) * got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding 2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z] 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm ppc64le: rh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm s390x: rh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-32212 https://access.redhat.com/security/cve/CVE-2022-32213 https://access.redhat.com/security/cve/CVE-2022-32214 https://access.redhat.com/security/cve/CVE-2022-32215 https://access.redhat.com/security/cve/CVE-2022-33987 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/ ODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm VScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ bAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF IPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq +62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM 4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M 3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91 BYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI nBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX bcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz hGdWoRKL34w\xcePC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5326-1 security@debian.org https://www.debian.org/security/ Aron Xu January 24, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nodejs CVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup. For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u3. We recommend that you upgrade your nodejs packages. For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8 TjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp WblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd Txb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW xbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9 0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf EtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2 idXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w Y9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7 u0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu boP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH ujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\xfeRn -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Node.js: Multiple Vulnerabilities Date: May 08, 2024 Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614 ID: 202405-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Node.js. Background ========= Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Affected packages ================ Package Vulnerable Unaffected --------------- ------------ ------------ net-libs/nodejs < 16.20.2 >= 16.20.2 Description ========== Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Node.js 20 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1" All Node.js 18 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1" All Node.js 16 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2" References ========= [ 1 ] CVE-2020-7774 https://nvd.nist.gov/vuln/detail/CVE-2020-7774 [ 2 ] CVE-2021-3672 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 [ 3 ] CVE-2021-22883 https://nvd.nist.gov/vuln/detail/CVE-2021-22883 [ 4 ] CVE-2021-22884 https://nvd.nist.gov/vuln/detail/CVE-2021-22884 [ 5 ] CVE-2021-22918 https://nvd.nist.gov/vuln/detail/CVE-2021-22918 [ 6 ] CVE-2021-22930 https://nvd.nist.gov/vuln/detail/CVE-2021-22930 [ 7 ] CVE-2021-22931 https://nvd.nist.gov/vuln/detail/CVE-2021-22931 [ 8 ] CVE-2021-22939 https://nvd.nist.gov/vuln/detail/CVE-2021-22939 [ 9 ] CVE-2021-22940 https://nvd.nist.gov/vuln/detail/CVE-2021-22940 [ 10 ] CVE-2021-22959 https://nvd.nist.gov/vuln/detail/CVE-2021-22959 [ 11 ] CVE-2021-22960 https://nvd.nist.gov/vuln/detail/CVE-2021-22960 [ 12 ] CVE-2021-37701 https://nvd.nist.gov/vuln/detail/CVE-2021-37701 [ 13 ] CVE-2021-37712 https://nvd.nist.gov/vuln/detail/CVE-2021-37712 [ 14 ] CVE-2021-39134 https://nvd.nist.gov/vuln/detail/CVE-2021-39134 [ 15 ] CVE-2021-39135 https://nvd.nist.gov/vuln/detail/CVE-2021-39135 [ 16 ] CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 [ 17 ] CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 [ 18 ] CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 [ 19 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 20 ] CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602 [ 21 ] CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786 [ 22 ] CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 [ 23 ] CVE-2022-32212 https://nvd.nist.gov/vuln/detail/CVE-2022-32212 [ 24 ] CVE-2022-32213 https://nvd.nist.gov/vuln/detail/CVE-2022-32213 [ 25 ] CVE-2022-32214 https://nvd.nist.gov/vuln/detail/CVE-2022-32214 [ 26 ] CVE-2022-32215 https://nvd.nist.gov/vuln/detail/CVE-2022-32215 [ 27 ] CVE-2022-32222 https://nvd.nist.gov/vuln/detail/CVE-2022-32222 [ 28 ] CVE-2022-35255 https://nvd.nist.gov/vuln/detail/CVE-2022-35255 [ 29 ] CVE-2022-35256 https://nvd.nist.gov/vuln/detail/CVE-2022-35256 [ 30 ] CVE-2022-35948 https://nvd.nist.gov/vuln/detail/CVE-2022-35948 [ 31 ] CVE-2022-35949 https://nvd.nist.gov/vuln/detail/CVE-2022-35949 [ 32 ] CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 [ 33 ] CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 [ 34 ] CVE-2023-30582 https://nvd.nist.gov/vuln/detail/CVE-2023-30582 [ 35 ] CVE-2023-30583 https://nvd.nist.gov/vuln/detail/CVE-2023-30583 [ 36 ] CVE-2023-30584 https://nvd.nist.gov/vuln/detail/CVE-2023-30584 [ 37 ] CVE-2023-30586 https://nvd.nist.gov/vuln/detail/CVE-2023-30586 [ 38 ] CVE-2023-30587 https://nvd.nist.gov/vuln/detail/CVE-2023-30587 [ 39 ] CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 [ 40 ] CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 [ 41 ] CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 [ 42 ] CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 [ 43 ] CVE-2023-32003 https://nvd.nist.gov/vuln/detail/CVE-2023-32003 [ 44 ] CVE-2023-32004 https://nvd.nist.gov/vuln/detail/CVE-2023-32004 [ 45 ] CVE-2023-32005 https://nvd.nist.gov/vuln/detail/CVE-2023-32005 [ 46 ] CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 [ 47 ] CVE-2023-32558 https://nvd.nist.gov/vuln/detail/CVE-2023-32558 [ 48 ] CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202405-29 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 |
| var-201801-1708 | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Linux Kernel Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Linux kernel versions prior to 4.11, and 4.9.x prior to 4.9.36 are vulnerable. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Security Fix(es): * hw: cpu: speculative execution permission faults handling (CVE-2017-5754) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645) * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824) * kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166) * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017) * kernel: Stack information leak in the EFS element (CVE-2017-1000410) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Google Project Zero for reporting CVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897; Mohamed Ghannam for reporting CVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431591 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1443615 - CVE-2017-7645 kernel: nfsd: Incorrect handling of long RPC replies 1519160 - CVE-2017-1000410 kernel: Stack information leak in the EFS element 1519591 - CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling 1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 1548412 - CVE-2017-13166 kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation 1567074 - CVE-2018-8897 Kernel: error in exception handling leads to DoS 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-696.28.1.el6.src.rpm i386: kernel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-devel-2.6.32-696.28.1.el6.i686.rpm kernel-headers-2.6.32-696.28.1.el6.i686.rpm perf-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-696.28.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-696.28.1.el6.src.rpm i386: kernel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-devel-2.6.32-696.28.1.el6.i686.rpm kernel-headers-2.6.32-696.28.1.el6.i686.rpm perf-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm ppc64: kernel-2.6.32-696.28.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.28.1.el6.ppc64.rpm kernel-debug-2.6.32-696.28.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.28.1.el6.ppc64.rpm kernel-devel-2.6.32-696.28.1.el6.ppc64.rpm kernel-headers-2.6.32-696.28.1.el6.ppc64.rpm perf-2.6.32-696.28.1.el6.ppc64.rpm perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm s390x: kernel-2.6.32-696.28.1.el6.s390x.rpm kernel-debug-2.6.32-696.28.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debug-devel-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.28.1.el6.s390x.rpm kernel-devel-2.6.32-696.28.1.el6.s390x.rpm kernel-headers-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.28.1.el6.s390x.rpm perf-2.6.32-696.28.1.el6.s390x.rpm perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.28.1.el6.ppc64.rpm perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm python-perf-2.6.32-696.28.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-2.6.32-696.28.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.28.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.28.1.el6.s390x.rpm perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm python-perf-2.6.32-696.28.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-696.28.1.el6.src.rpm i386: kernel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-devel-2.6.32-696.28.1.el6.i686.rpm kernel-headers-2.6.32-696.28.1.el6.i686.rpm perf-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm kernel-doc-2.6.32-696.28.1.el6.noarch.rpm kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm x86_64: kernel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm perf-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-2.6.32-696.28.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.28.1.el6.i686.rpm perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm python-perf-2.6.32-696.28.1.el6.i686.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.28.1.el6.x86_64.rpm perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm python-perf-2.6.32-696.28.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.28.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-7645 https://access.redhat.com/security/cve/CVE-2017-8824 https://access.redhat.com/security/cve/CVE-2017-13166 https://access.redhat.com/security/cve/CVE-2017-18017 https://access.redhat.com/security/cve/CVE-2017-1000410 https://access.redhat.com/security/cve/CVE-2018-8897 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3431591 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa8fO8XlSAg2UNWIIRAnN0AKCBdjdw1bC12xju0GwoOedA1L8osACaA1Ze 4IKrbiFeHd+C9bqCjUFX4pw= =3psi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. To be fully functional, up-to-date CPU microcode applied on the system might be required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact. In this update, mitigation for PowerPC architecture is provided. Bugs fixed (https://bugzilla.redhat.com/): 1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 6. (BZ#1549731) * Intel Core X-Series (Skylake) processors use a hardcoded Time Stamp Counter (TSC) frequency of 25 MHz. In some cases this can be imprecise and lead to timing-related problems such as time drift, timers being triggered early, or TSC clock instability. This update mitigates these problems by no longer using the "native_calibrate_tsc()" function to define the TSC frequency. Refined calibration is now used to update the clock rate accordingly in these cases. (BZ#1547854) 4. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the "retpoline" compiler feature which allows indirect branches to be isolated from speculative execution. CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2017-13220 Al Viro reported that the Bluetooth HIDP implementation could dereference a pointer before performing the necessary type check. A local user could use this to cause a denial of service. CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service. CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users. This information could aid the exploitation of other vulnerabilities. CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a received packet, leading to a null pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution. CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service. CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a null pointer dereference. A local user could use this for denial of service. CVE-2017-18232 Jason Yan reported a race condition in the SAS (Serial-Attached SCSI) subsystem, between probing and destroying a port. This could lead to a deadlock. CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the "noflush_merge" mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service. CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a null pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service. CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default. CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation. CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a null pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service. CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities. CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service. CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact. CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a null pointer check. A local attacker on a system with the rds module loaded could use this for denial of service. CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset. A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service. CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service. CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact. CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client. CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings. Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures. For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . SchAPnherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410 |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| jvndb-2023-000042 | WordPress Plugin "Newsletter" vulnerable to cross-site scripting | 2023-05-09T14:42+09:00 | 2024-06-13T16:14+09:00 |
| jvndb-2022-000068 | SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure | 2022-09-05T15:22+09:00 | 2024-06-13T16:00+09:00 |
| jvndb-2022-002448 | Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows | 2022-10-11T17:02+09:00 | 2024-06-13T14:30+09:00 |
| jvndb-2022-002544 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2022-10-20T16:18+09:00 | 2024-06-13T13:58+09:00 |
| jvndb-2022-000067 | Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries | 2022-08-29T15:57+09:00 | 2024-06-13T13:53+09:00 |
| jvndb-2022-000070 | Movable Type plugin A-Form vulnerable to cross-site scripting | 2022-09-09T15:01+09:00 | 2024-06-13T13:49+09:00 |
| jvndb-2022-000069 | PowerCMS XMLRPC API vulnerable to command injection | 2022-09-02T15:49+09:00 | 2024-06-13T11:44+09:00 |
| jvndb-2022-002367 | OpenAM (OpenAM Consortium Edition) vulnerable to open redirect | 2022-09-16T15:30+09:00 | 2024-06-13T11:39+09:00 |
| jvndb-2022-000071 | Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service | 2022-09-14T18:15+09:00 | 2024-06-13T11:34+09:00 |
| jvndb-2022-000073 | Multiple vulnerabilities in EC-CUBE | 2022-09-15T16:30+09:00 | 2024-06-13T11:09+09:00 |
| jvndb-2022-000072 | EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files | 2022-09-15T16:13+09:00 | 2024-06-13T11:03+09:00 |
| jvndb-2023-000015 | Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G | 2023-02-13T14:48+09:00 | 2024-06-12T17:03+09:00 |
| jvndb-2022-002537 | Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE | 2022-10-19T16:23+09:00 | 2024-06-12T16:54+09:00 |
| jvndb-2022-000081 | Lemon8 App fails to restrict access permissions | 2022-10-19T14:08+09:00 | 2024-06-12T16:39+09:00 |
| jvndb-2024-000062 | Denial-of-service (DoS) vulnerability in IPCOM WAF function | 2024-06-12T15:03+09:00 | 2024-06-12T15:03+09:00 |
| jvndb-2022-000075 | IPFire WebUI vulnerable to cross-site scripting | 2022-10-06T13:05+09:00 | 2024-06-12T14:28+09:00 |
| jvndb-2023-000013 | Ichiran App vulnerable to improper server certificate verification | 2023-02-06T14:31+09:00 | 2024-06-12T14:25+09:00 |
| jvndb-2022-000074 | BookStack vulnerable to cross-site scripting | 2022-09-30T14:48+09:00 | 2024-06-12T14:07+09:00 |
| jvndb-2022-000077 | The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries | 2022-10-11T15:08+09:00 | 2024-06-12T12:12+09:00 |
| jvndb-2022-000076 | Growi vulnerable to improper access control | 2022-10-07T14:30+09:00 | 2024-06-12T12:04+09:00 |
| jvndb-2023-000017 | Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools | 2023-02-14T17:00+09:00 | 2024-06-12T11:15+09:00 |
| jvndb-2023-000012 | Vulnerability in Driver Distributor where passwords are stored in a recoverable format | 2023-01-31T14:14+09:00 | 2024-06-12T11:07+09:00 |
| jvndb-2023-000011 | SUSHIRO App for Android outputs sensitive information to the log file | 2023-01-31T14:10+09:00 | 2024-06-11T17:35+09:00 |
| jvndb-2023-001269 | File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center | 2023-03-01T16:59+09:00 | 2024-06-11T16:42+09:00 |
| jvndb-2023-000014 | NEC PC Settings Tool vulnerable to missing authentication for critical function | 2023-02-10T14:43+09:00 | 2024-06-10T18:13+09:00 |
| jvndb-2023-000019 | Multiple cross-site scripting vulnerabilities in EC-CUBE | 2023-02-28T16:38+09:00 | 2024-06-10T17:28+09:00 |
| jvndb-2023-001212 | Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2 | 2023-02-08T12:46+09:00 | 2024-06-10T17:25+09:00 |
| jvndb-2023-000018 | Multiple cross-site scripting vulnerabilities in SHIRASAGI | 2023-02-22T15:16+09:00 | 2024-06-10T17:18+09:00 |
| jvndb-2024-000058 | WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection | 2024-06-07T15:24+09:00 | 2024-06-10T17:08+09:00 |
| jvndb-2023-000023 | Multiple vulnerabilities in PostgreSQL extension module pg_ivm | 2023-03-06T15:22+09:00 | 2024-06-10T16:41+09:00 |