Search criteria
463 vulnerabilities found for glibc by gnu
FKIE_CVE-2025-5745
Vulnerability from fkie_nvd - Published: 2025-06-05 20:15 - Updated: 2025-10-22 14:03{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD32E7F-D237-4BDD-B35C-DFE624C3BEC3",
"versionEndExcluding": "2.40-136",
"versionStartIncluding": "2.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B69127-C2AF-40E7-A8F5-A8E7135736AC",
"versionEndExcluding": "2.41-57",
"versionStartIncluding": "2.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de strncmp optimizada para el procesador Power10 en GNU C Library versi\u00f3n 2.40 y posteriores escribe en los registros vectoriales v20 a v31 sin guardar el contenido del llamador (esos registros est\u00e1n definidos como registros no vol\u00e1tiles por la ABI powerpc64le), lo que da como resultado la sobrescritura de su contenido y la posible alteraci\u00f3n del flujo de control del llamador o la filtraci\u00f3n de las cadenas de entrada a la funci\u00f3n a otras partes del programa."
}
],
"id": "CVE-2025-5745",
"lastModified": "2025-10-22T14:03:33.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-05T20:15:27.377",
"references": [
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Issue Tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33060"
}
],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-5702
Vulnerability from fkie_nvd - Published: 2025-06-05 19:15 - Updated: 2025-10-01 15:37{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11DB6645-FBFE-4D4F-A4B5-800A1E5121EC",
"versionEndExcluding": "2.39-209",
"versionStartIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D163B8-3B41-4E62-A663-754619807309",
"versionEndExcluding": "2.40-139",
"versionStartIncluding": "2.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFAD8AF-BE93-4289-B4C4-7834FFFAEBD0",
"versionEndExcluding": "2.41-60",
"versionStartIncluding": "2.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de strcmp optimizada para el procesador Power10 en GNU C Library versi\u00f3n 2.39 y posteriores escribe en los registros vectoriales v20 a v31 sin guardar el contenido del llamador (esos registros est\u00e1n definidos como registros no vol\u00e1tiles por la ABI powerpc64le), lo que da como resultado la sobrescritura de su contenido y la posible alteraci\u00f3n del flujo de control del llamador o la filtraci\u00f3n de las cadenas de entrada a la funci\u00f3n a otras partes del programa."
}
],
"id": "CVE-2025-5702",
"lastModified": "2025-10-01T15:37:50.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-05T19:15:31.073",
"references": [
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Issue Tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33056"
}
],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-4802
Vulnerability from fkie_nvd - Published: 2025-05-16 20:15 - Updated: 2025-11-03 20:19{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29CCC9F6-2130-4DA8-8B5D-7A00337CBC0A",
"versionEndIncluding": "2.38",
"versionStartIncluding": "2.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)."
},
{
"lang": "es",
"value": "La vulnerabilidad de la variable de entorno no confiable LD_LIBRARY_PATH en GNU C Library versi\u00f3n 2.27 a 2.38 permite al atacante cargar, controlada por un atacante, una librer\u00eda compartida din\u00e1micamente en binarios setuid compilados est\u00e1ticamente que llaman a dlopen (incluidas las llamadas internas a dlopen despu\u00e9s de setlocale o las llamadas a funciones NSS como getaddrinfo)."
}
],
"id": "CVE-2025-4802",
"lastModified": "2025-11-03T20:19:11.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-16T20:15:22.280",
"references": [
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Issue Tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32976"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Patch"
],
"url": "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/05/16/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/05/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html"
}
],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33600
Vulnerability from fkie_nvd - Published: 2024-05-06 20:15 - Updated: 2025-06-18 14:50| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| debian | debian_linux | 10.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h610c_firmware | - | |
| netapp | h610c | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - | |
| netapp | h615c_firmware | - | |
| netapp | h615c | - | |
| netapp | hci_bootstrap_os | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E16DA-1F17-4B1B-B231-7A4DEDA8C7BA",
"versionEndExcluding": "2.40",
"versionStartIncluding": "2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
},
{
"lang": "es",
"value": "nscd: el puntero nulo falla despu\u00e9s de una respuesta no encontrada Si el cach\u00e9 del daemon de cach\u00e9 del servicio de nombres (nscd) no logra agregar una respuesta de grupo de red no encontrado al cach\u00e9, la solicitud del cliente puede resultar en una desreferencia del puntero nulo. Esta falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."
}
],
"id": "CVE-2024-33600",
"lastModified": "2025-06-18T14:50:25.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-06T20:15:11.523",
"references": [
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
}
],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33601
Vulnerability from fkie_nvd - Published: 2024-05-06 20:15 - Updated: 2025-08-01 01:56| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| debian | debian_linux | 10.0 | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h610c_firmware | - | |
| netapp | h610c | - | |
| netapp | h615c_firmware | - | |
| netapp | h615c | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E16DA-1F17-4B1B-B231-7A4DEDA8C7BA",
"versionEndExcluding": "2.40",
"versionStartIncluding": "2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
},
{
"lang": "es",
"value": "nscd: la cach\u00e9 de netgroup puede terminar el daemon ante una falla en la asignaci\u00f3n de memoria La cach\u00e9 de netgroup del daemon de cach\u00e9 del servicio de nombres (nscd) usa xmalloc o xrealloc y estas funciones pueden terminar el proceso debido a una falla en la asignaci\u00f3n de memoria que resulta en una denegaci\u00f3n de servicio a los clientes. La falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."
}
],
"id": "CVE-2024-33601",
"lastModified": "2025-08-01T01:56:26.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-06T20:15:11.603",
"references": [
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
}
],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33599
Vulnerability from fkie_nvd - Published: 2024-05-06 20:15 - Updated: 2025-06-18 14:56| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| debian | debian_linux | 10.0 | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | hci_bootstrap_os | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E16DA-1F17-4B1B-B231-7A4DEDA8C7BA",
"versionEndExcluding": "2.40",
"versionStartIncluding": "2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
},
{
"lang": "es",
"value": "nscd: desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la cach\u00e9 de netgroup Si la cach\u00e9 de tama\u00f1o fijo del daemon de cach\u00e9 del servicio de nombres (nscd) se agota debido a las solicitudes de los clientes, una solicitud posterior del cliente de datos de netgroup puede provocar un desbordamiento del b\u00fafer basado en la pila. Esta falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."
}
],
"id": "CVE-2024-33599",
"lastModified": "2025-06-18T14:56:01.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-06T20:15:11.437",
"references": [
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0011/"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005"
}
],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33602
Vulnerability from fkie_nvd - Published: 2024-05-06 20:15 - Updated: 2025-06-18 14:40| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| debian | debian_linux | 10.0 | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | element_software | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| netapp | hci_bootstrap_os | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D95E16DA-1F17-4B1B-B231-7A4DEDA8C7BA",
"versionEndExcluding": "2.40",
"versionStartIncluding": "2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
},
{
"lang": "es",
"value": "nscd: la cach\u00e9 de netgroup supone que la devoluci\u00f3n de llamada de NSS utiliza cadenas en el b\u00fafer La cach\u00e9 de netgroup del daemon de cach\u00e9 del servicio de nombres (nscd) puede da\u00f1ar la memoria cuando la devoluci\u00f3n de llamada de NSS no almacena todas las cadenas en el b\u00fafer proporcionado. La falla se introdujo en glibc 2.15 cuando se agreg\u00f3 el cach\u00e9 a nscd. Esta vulnerabilidad s\u00f3lo est\u00e1 presente en el binario nscd."
}
],
"id": "CVE-2024-33602",
"lastModified": "2025-06-18T14:40:48.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-06T20:15:11.680",
"references": [
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
}
],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-466"
}
],
"source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-6780
Vulnerability from fkie_nvd - Published: 2024-01-31 14:15 - Updated: 2025-02-07 17:155.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5153FA-49E9-457F-94BB-202CACA41C76",
"versionEndExcluding": "2.39",
"versionStartIncluding": "2.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de enteros en la funci\u00f3n __vsyslog_internal de la liibrer\u00eda glibc. Esta funci\u00f3n es llamada por las funciones syslog y vsyslog. Este problema ocurre cuando estas funciones se llaman con un mensaje muy largo, lo que genera un c\u00e1lculo incorrecto del tama\u00f1o del b\u00fafer para almacenar el mensaje, lo que genera un comportamiento indefinido. Este problema afecta a glibc 2.37 y posteriores."
}
],
"id": "CVE-2023-6780",
"lastModified": "2025-02-07T17:15:29.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-31T14:15:48.917",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6780"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250207-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-131"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-131"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-6246
Vulnerability from fkie_nvd - Published: 2024-01-31 14:15 - Updated: 2024-11-21 08:437.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618FB1A-596C-4054-8DB6-7A9F189D9AFC",
"versionEndExcluding": "2.39",
"versionStartIncluding": "2.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria en la funci\u00f3n __vsyslog_internal de la librer\u00eda glibc. Esta funci\u00f3n es llamada por las funciones syslog y vsyslog. Este problema ocurre cuando no se llam\u00f3 a la funci\u00f3n openlog, o se llam\u00f3 con el argumento ident establecido en NULL, y el nombre del programa (el nombre base de argv[0]) tiene m\u00e1s de 1024 bytes, lo que provoca un bloqueo de la aplicaci\u00f3n o una escalada de privilegios locales. Este problema afecta a glibc 2.36 y versiones posteriores."
}
],
"id": "CVE-2023-6246",
"lastModified": "2024-11-21T08:43:27.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-31T14:15:48.420",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6246"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-6779
Vulnerability from fkie_nvd - Published: 2024-01-31 14:15 - Updated: 2024-11-21 08:447.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5153FA-49E9-457F-94BB-202CACA41C76",
"versionEndExcluding": "2.39",
"versionStartIncluding": "2.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria de off-by-one en la funci\u00f3n __vsyslog_internal de la librer\u00eda glibc. Esta funci\u00f3n es llamada por las funciones syslog y vsyslog. Este problema ocurre cuando estas funciones se llaman con un mensaje mayor que INT_MAX bytes, lo que genera un c\u00e1lculo incorrecto del tama\u00f1o del b\u00fafer para almacenar el mensaje, lo que provoca un bloqueo de la aplicaci\u00f3n. Este problema afecta a glibc 2.37 y posteriores."
}
],
"id": "CVE-2023-6779",
"lastModified": "2024-11-21T08:44:32.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-31T14:15:48.700",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6779"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0006/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-5745 (GCVE-0-2025-5745)
Vulnerability from cvelistv5 – Published: 2025-06-05 19:20 – Updated: 2025-06-05 20:13- CWE-665 - Improper Initialization
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.40
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5745",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T20:11:39.550335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T20:13:51.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Power10"
],
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"status": "affected",
"version": "2.40",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-06-05T02:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T19:20:57.253Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the \u003ccode\u003eglibc.cpu.hwcaps\u003c/code\u003e tunable. This can be done by exporting the \u003ccode\u003eGLIBC_TUNABLES\u003c/code\u003e environment variable like so:\u003cbr\u003e\u003cbr\u003e\n\n\u003ccode\u003e\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1\u003c/code\u003e"
}
],
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the glibc.cpu.hwcaps tunable. This can be done by exporting the GLIBC_TUNABLES environment variable like so:\n\n\n\n\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2025-5745",
"datePublished": "2025-06-05T19:20:23.405Z",
"dateReserved": "2025-06-05T19:15:09.234Z",
"dateUpdated": "2025-06-05T20:13:51.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5702 (GCVE-0-2025-5702)
Vulnerability from cvelistv5 – Published: 2025-06-05 18:23 – Updated: 2025-06-05 20:21- CWE-665 - Improper Initialization
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.39
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T20:17:18.849567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T20:21:44.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Power10"
],
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"status": "affected",
"version": "2.39",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-06-05T02:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"value": "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T18:23:57.872Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33056"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the \u003ccode\u003eglibc.cpu.hwcaps\u003c/code\u003e tunable. This can be done by exporting the \u003ccode\u003eGLIBC_TUNABLES\u003c/code\u003e environment variable like so:\u003cbr\u003e\u003cbr\u003e\n\n\u003ccode\u003e\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1\u003c/code\u003e"
}
],
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the glibc.cpu.hwcaps tunable. This can be done by exporting the GLIBC_TUNABLES environment variable like so:\n\n\n\n\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2025-5702",
"datePublished": "2025-06-05T18:23:57.872Z",
"dateReserved": "2025-06-04T21:57:13.818Z",
"dateUpdated": "2025-06-05T20:21:44.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4802 (GCVE-0-2025-4802)
Vulnerability from cvelistv5 – Published: 2025-05-16 19:32 – Updated: 2025-11-03 20:04- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.27 , < 2.39
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:41.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/16/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/17/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-4802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T03:55:53.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.39",
"status": "affected",
"version": "2.27",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-16T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)."
}
],
"value": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)."
}
],
"impacts": [
{
"capecId": "CAPEC-13",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-13 Subverting Environment Variable Values"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T19:32:50.586Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32976"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2025-4802",
"datePublished": "2025-05-16T19:32:50.586Z",
"dateReserved": "2025-05-15T21:32:45.284Z",
"dateUpdated": "2025-11-03T20:04:41.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33602 (GCVE-0-2024-33602)
Vulnerability from cvelistv5 – Published: 2024-05-06 19:22 – Updated: 2025-02-13 17:52- CWE-466 - Return of Pointer Value Outside of Expected Range
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "gnu",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T16:09:29.755117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:26:29.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003enscd: netgroup cache assumes NSS callback uses in-buffer strings\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\u003cbr\u003ewhen the NSS callback does not store all strings in the provided buffer.\u003cbr\u003eThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003c/div\u003e"
}
],
"value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "CWE-466 Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:04.473Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: netgroup cache assumes NSS callback uses in-buffer strings",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33602",
"datePublished": "2024-05-06T19:22:12.383Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-02-13T17:52:21.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33601 (GCVE-0-2024-33601)
Vulnerability from cvelistv5 – Published: 2024-05-06 19:22 – Updated: 2025-03-18 13:55- CWE-617 - Reachable Assertion
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "glibc",
"vendor": "gnu",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T17:26:01.322253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:55:13.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients. The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:12.587Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: netgroup cache may terminate daemon on memory allocation failure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33601",
"datePublished": "2024-05-06T19:22:07.763Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-03-18T13:55:13.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33600 (GCVE-0-2024-33600)
Vulnerability from cvelistv5 – Published: 2024-05-06 19:22 – Updated: 2025-03-27 14:41- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:13:16.760599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:41:14.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003enscd: Null pointer crashes after notfound response\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\u003cbr\u003enetgroup response to the cache, the client request can result in a null\u003cbr\u003epointer dereference. This flaw was introduced in glibc 2.15 when the\u003cbr\u003ecache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:08.949Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: Null pointer crashes after notfound response",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33600",
"datePublished": "2024-05-06T19:22:02.726Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-03-27T14:41:14.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33599 (GCVE-0-2024-33599)
Vulnerability from cvelistv5 – Published: 2024-05-06 19:21 – Updated: 2025-03-26 20:40- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T19:01:02.703174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T20:40:00.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "nscd: Stack-based buffer overflow in netgroup cache\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\u003cbr\u003eby client requests then a subsequent client request for netgroup data\u003cbr\u003emay result in a stack-based buffer overflow. This flaw was introduced\u003cbr\u003ein glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e"
}
],
"value": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:10.829Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0011/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: Stack-based buffer overflow in netgroup cache",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33599",
"datePublished": "2024-05-06T19:21:54.314Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-03-26T20:40:00.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5745 (GCVE-0-2025-5745)
Vulnerability from nvd – Published: 2025-06-05 19:20 – Updated: 2025-06-05 20:13- CWE-665 - Improper Initialization
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.40
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5745",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T20:11:39.550335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T20:13:51.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Power10"
],
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"status": "affected",
"version": "2.40",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-06-05T02:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T19:20:57.253Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the \u003ccode\u003eglibc.cpu.hwcaps\u003c/code\u003e tunable. This can be done by exporting the \u003ccode\u003eGLIBC_TUNABLES\u003c/code\u003e environment variable like so:\u003cbr\u003e\u003cbr\u003e\n\n\u003ccode\u003e\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1\u003c/code\u003e"
}
],
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the glibc.cpu.hwcaps tunable. This can be done by exporting the GLIBC_TUNABLES environment variable like so:\n\n\n\n\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2025-5745",
"datePublished": "2025-06-05T19:20:23.405Z",
"dateReserved": "2025-06-05T19:15:09.234Z",
"dateUpdated": "2025-06-05T20:13:51.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5702 (GCVE-0-2025-5702)
Vulnerability from nvd – Published: 2025-06-05 18:23 – Updated: 2025-06-05 20:21- CWE-665 - Improper Initialization
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.39
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T20:17:18.849567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T20:21:44.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Power10"
],
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"status": "affected",
"version": "2.39",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-06-05T02:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"value": "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T18:23:57.872Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33056"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the \u003ccode\u003eglibc.cpu.hwcaps\u003c/code\u003e tunable. This can be done by exporting the \u003ccode\u003eGLIBC_TUNABLES\u003c/code\u003e environment variable like so:\u003cbr\u003e\u003cbr\u003e\n\n\u003ccode\u003e\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1\u003c/code\u003e"
}
],
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the glibc.cpu.hwcaps tunable. This can be done by exporting the GLIBC_TUNABLES environment variable like so:\n\n\n\n\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2025-5702",
"datePublished": "2025-06-05T18:23:57.872Z",
"dateReserved": "2025-06-04T21:57:13.818Z",
"dateUpdated": "2025-06-05T20:21:44.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4802 (GCVE-0-2025-4802)
Vulnerability from nvd – Published: 2025-05-16 19:32 – Updated: 2025-11-03 20:04- CWE-426 - Untrusted Search Path
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.27 , < 2.39
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:41.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/16/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/17/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-4802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T03:55:53.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.39",
"status": "affected",
"version": "2.27",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-16T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)."
}
],
"value": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)."
}
],
"impacts": [
{
"capecId": "CAPEC-13",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-13 Subverting Environment Variable Values"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T19:32:50.586Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32976"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2025-4802",
"datePublished": "2025-05-16T19:32:50.586Z",
"dateReserved": "2025-05-15T21:32:45.284Z",
"dateUpdated": "2025-11-03T20:04:41.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33602 (GCVE-0-2024-33602)
Vulnerability from nvd – Published: 2024-05-06 19:22 – Updated: 2025-02-13 17:52- CWE-466 - Return of Pointer Value Outside of Expected Range
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "gnu",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T16:09:29.755117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:26:29.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003enscd: netgroup cache assumes NSS callback uses in-buffer strings\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\u003cbr\u003ewhen the NSS callback does not store all strings in the provided buffer.\u003cbr\u003eThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003c/div\u003e"
}
],
"value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "CWE-466 Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:04.473Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: netgroup cache assumes NSS callback uses in-buffer strings",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33602",
"datePublished": "2024-05-06T19:22:12.383Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-02-13T17:52:21.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33601 (GCVE-0-2024-33601)
Vulnerability from nvd – Published: 2024-05-06 19:22 – Updated: 2025-03-18 13:55- CWE-617 - Reachable Assertion
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "glibc",
"vendor": "gnu",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T17:26:01.322253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T13:55:13.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003enscd: netgroup cache may terminate daemon on memory allocation failure\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\u003cbr\u003exrealloc and these functions may terminate the process due to a memory\u003cbr\u003eallocation failure resulting in a denial of service to the clients. The\u003cbr\u003eflaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:12.587Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0014/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: netgroup cache may terminate daemon on memory allocation failure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33601",
"datePublished": "2024-05-06T19:22:07.763Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-03-18T13:55:13.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33600 (GCVE-0-2024-33600)
Vulnerability from nvd – Published: 2024-05-06 19:22 – Updated: 2025-03-27 14:41- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:13:16.760599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:41:14.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003enscd: Null pointer crashes after notfound response\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\u003cbr\u003enetgroup response to the cache, the client request can result in a null\u003cbr\u003epointer dereference. This flaw was introduced in glibc 2.15 when the\u003cbr\u003ecache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon\u0027s (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:08.949Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0013/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: Null pointer crashes after notfound response",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33600",
"datePublished": "2024-05-06T19:22:02.726Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-03-27T14:41:14.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33599 (GCVE-0-2024-33599)
Vulnerability from nvd – Published: 2024-05-06 19:21 – Updated: 2025-03-26 20:40- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T19:01:02.703174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T20:40:00.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "nscd: Stack-based buffer overflow in netgroup cache\u003cbr\u003e\u003cbr\u003eIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\u003cbr\u003eby client requests then a subsequent client request for netgroup data\u003cbr\u003emay result in a stack-based buffer overflow. This flaw was introduced\u003cbr\u003ein glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003cbr\u003e"
}
],
"value": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon\u0027s (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:10.829Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0011/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: Stack-based buffer overflow in netgroup cache",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33599",
"datePublished": "2024-05-06T19:21:54.314Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2025-03-26T20:40:00.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202105-1306
Vulnerability from variot - Updated: 2024-07-23 20:49The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. GNU C Library ( alias glibc) Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The vulnerability stems from the library's mq_notify function having a use-after-free feature. Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]
- Solution:
OSP 16.2.z Release - OSP Director Operator Containers
- Bugs fixed (https://bugzilla.redhat.com/):
2025995 - Rebase tech preview on latest upstream v1.2.x branch 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2036784 - osp controller (fencing enabled) in downed state after system manual crash test
Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security updates:
-
object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Related bugs:
-
RHACM 2.2.11 images (Bugzilla #2029508)
-
ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
2030859)
- Bugs fixed (https://bugzilla.redhat.com/):
1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
- Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ACS 3.67 security and enhancement update Advisory ID: RHSA-2021:4902-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902 Issue date: 2021-12-01 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 =====================================================================
- Summary:
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:
OpenShift Dedicated support
RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform.
-
Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS.
-
Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds.
-
Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria.
Security Fix(es):
-
civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304)
-
nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
-
nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)
-
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
-
helm: information disclosure vulnerability (CVE-2021-32690)
-
golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fixes The release of RHACS 3.67 includes the following bug fixes:
-
Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed.
-
Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed.
System changes The release of RHACS 3.67 includes the following system changes:
- Scanner now identifies vulnerabilities in Ubuntu 21.10 images.
- The Port exposure method policy criteria now include route as an exposure method.
- The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation.
- The OpenShift Compliance Operator integration now supports using TailoredProfiles.
- The RHACS Jenkins plugin now provides additional security information.
- When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values.
- The default uid:gid pair for the Scanner image is now 65534:65534.
- RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes.
- If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies.
- In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode.
- You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check
-
You can now use a regular expression for the deployment name while specifying policy exclusions
-
Solution:
To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67.
- Bugs fixed (https://bugzilla.redhat.com/):
1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API
- JIRA issues fixed (https://issues.jboss.org/):
RHACS-65 - Release RHACS 3.67.0
- References:
https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-27304 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3801 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-32690 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2 e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/ pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN T0pPNmsPGZY= =ux5P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
An update is now available for OpenShift Logging 5.2. Description:
Openshift Logging Bug Fix Release (5.2.3)
Security Fix(es):
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1857 - OpenShift Alerting Rules Style-Guide Compliance LOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM LOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
- Summary:
The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.32"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.33"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "c library",
"scope": "eq",
"trust": 0.8,
"vendor": "gnu",
"version": "2.32"
},
{
"model": "c library",
"scope": "eq",
"trust": 0.8,
"vendor": "gnu",
"version": null
},
{
"model": "c library",
"scope": "eq",
"trust": 0.8,
"vendor": "gnu",
"version": "2.33"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165099"
}
],
"trust": 0.8
},
"cve": "CVE-2021-33574",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-33574",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-393646",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33574",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33574",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1666",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-393646",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-33574",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393646"
},
{
"db": "VULMON",
"id": "CVE-2021-33574"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1666"
},
{
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. GNU C Library ( alias glibc) Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The vulnerability stems from the library\u0027s mq_notify function having a use-after-free feature. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\nLOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard\nLOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]\n\n6. Solution:\n\nOSP 16.2.z Release - OSP Director Operator Containers\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2025995 - Rebase tech preview on latest upstream v1.2.x branch\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2036784 - osp controller (fencing enabled) in downed state after system manual crash test\n\n5. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of\nCVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla\n#2030859)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256\n2029508 - RHACM 2.2.11 images\n2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ACS 3.67 security and enhancement update\nAdvisory ID: RHSA-2021:4902-01\nProduct: RHACS\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4902\nIssue date: 2021-12-01\nCVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 \n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 \n CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 \n CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 \n CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 \n CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 \n CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 \n CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 \n CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 \n CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 \n CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 \n CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 \n CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 \n CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 \n=====================================================================\n\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nThe release of RHACS 3.67 provides the following new features, bug fixes,\nsecurity patches and system changes:\n\nOpenShift Dedicated support\n\nRHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on\nAmazon Web Services and Google Cloud Platform. \n\n1. Use OpenShift OAuth server as an identity provider\nIf you are using RHACS with OpenShift, you can now configure the built-in\nOpenShift OAuth server as an identity provider for RHACS. \n\n2. Enhancements for CI outputs\nRed Hat has improved the usability of RHACS CI integrations. CI outputs now\nshow additional detailed information about the vulnerabilities and the\nsecurity policies responsible for broken builds. \n\n3. Runtime Class policy criteria\nUsers can now use RHACS to define the container runtime configuration that\nmay be used to run a pod\u2019s containers using the Runtime Class policy\ncriteria. \n\nSecurity Fix(es):\n\n* civetweb: directory traversal when using the built-in example HTTP\nform-based file upload mechanism via the mg_handle_form_request API\n(CVE-2020-27304)\n\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n\n* nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)\n\n* golang: net: incorrect parsing of extraneous zero characters at the\nbeginning of an IP address octet (CVE-2021-29923)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fixes\nThe release of RHACS 3.67 includes the following bug fixes:\n\n1. Previously, when using RHACS with the Compliance Operator integration,\nRHACS did not respect or populate Compliance Operator TailoredProfiles. \nThis has been fixed. \n\n2. Previously, the Alpine Linux package manager (APK) in Image policy\nlooked for the presence of apk package in the image rather than the\napk-tools package. This issue has been fixed. \n\nSystem changes\nThe release of RHACS 3.67 includes the following system changes:\n\n1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. \n2. The Port exposure method policy criteria now include route as an\nexposure method. \n3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the\nOpenShift Compliance Operator to check for the existence of the Kubeadmin\nsecret without creating a violation. \n4. The OpenShift Compliance Operator integration now supports using\nTailoredProfiles. \n5. The RHACS Jenkins plugin now provides additional security information. \n6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for\nCentral, the logs contain the Request URI and X-Forwarded-For header\nvalues. \n7. The default uid:gid pair for the Scanner image is now 65534:65534. \n8. RHACS adds a new default Scope Manager role that includes minimum\npermissions to create and modify access scopes. \n9. If microdnf is part of an image or shows up in process execution, RHACS\nreports it as a security violation for the Red Hat Package Manager in Image\nor the Red Hat Package Manager Execution security policies. \n10. In addition to manually uploading vulnerability definitions in offline\nmode, you can now upload definitions in online mode. \n11. You can now format the output of the following roxctl CLI commands in\ntable, csv, or JSON format: image scan, image check \u0026 deployment check\n12. You can now use a regular expression for the deployment name while\nspecifying policy exclusions\n\n3. Solution:\n\nTo take advantage of these new features, fixes and changes, please upgrade\nRed Hat Advanced Cluster Security for Kubernetes to version 3.67. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability\n2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)\n2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-65 - Release RHACS 3.67.0\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20673\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-27304\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3801\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-20266\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23343\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-27645\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-29923\nhttps://access.redhat.com/security/cve/CVE-2021-32690\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-33574\nhttps://access.redhat.com/security/cve/CVE-2021-35942\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-39293\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr\nKjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w\ntKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e\nlq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV\nx4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2\ne8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK\nqnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz\nvguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt\nG4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT\nPTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/\npJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN\nT0pPNmsPGZY=\n=ux5P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nAn update is now available for OpenShift Logging 5.2. Description:\n\nOpenshift Logging Bug Fix Release (5.2.3)\n\nSecurity Fix(es):\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1857 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM\nLOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\n\n6. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33574"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"db": "VULHUB",
"id": "VHN-393646"
},
{
"db": "VULMON",
"id": "CVE-2021-33574"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165099"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33574",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "166308",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166051",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1666",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165758",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163406",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165862",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164863",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021092807",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070604",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100416",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3935",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4254",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4172",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0394",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3785",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4095",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3905",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4059",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5140",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3214",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3336",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0716",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0493",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3398",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-393646",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165129",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393646"
},
{
"db": "VULMON",
"id": "CVE-2021-33574"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1666"
},
{
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"id": "VAR-202105-1306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393646"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:49:26.394000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug\u00a027896",
"trust": 0.8,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896"
},
{
"title": "Debian CVElist Bug Report Logs: glibc: CVE-2021-33574: mq_notify does not handle separately allocated thread attributes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7a9966ec919351d3328669aa69ea5e39"
},
{
"title": "Red Hat: CVE-2021-33574",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-33574"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1736",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1736"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-33574 log"
},
{
"title": "Red Hat: Moderate: Release of OpenShift Serverless 1.20.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220434 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220318 - security advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220842 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220580 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220856 - security advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-33574 "
},
{
"title": "CVE-2021-33574",
"trust": 0.1,
"url": "https://github.com/jamesgeee/cve-2021-33574 "
},
{
"title": "cks-notes",
"trust": 0.1,
"url": "https://github.com/ruzickap/cks-notes "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-38604 "
},
{
"title": "ochacafe-s5-3",
"trust": 0.1,
"url": "https://github.com/oracle-japan/ochacafe-s5-3 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33574"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393646"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210629-0005/"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"trust": 1.7,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896"
},
{
"trust": 1.7,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kjyyimddyohtp2porlabtohyqyyrezdd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rbuuwugxvilqxvweou7n42ichpjnaeup/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rbuuwugxvilqxvweou7n42ichpjnaeup/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kjyyimddyohtp2porlabtohyqyyrezdd/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3905"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6526524"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1071"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3398"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165862/red-hat-security-advisory-2022-0434-05.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5140"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/glibc-use-after-free-via-mq-notify-35692"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3336"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0716"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092807"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0394"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0493"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3935"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164863/red-hat-security-advisory-2021-4358-03.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4059"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166051/red-hat-security-advisory-2022-0580-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070604"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100416"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4254"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3785"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165758/red-hat-security-advisory-2022-0318-06.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4095"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4172"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163406/gentoo-linux-security-advisory-202107-07.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166308/red-hat-security-advisory-2022-0842-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3984"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3872"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4019"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3620"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393646"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1666"
},
{
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393646"
},
{
"db": "VULMON",
"id": "CVE-2021-33574"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "166308"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1666"
},
{
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-393646"
},
{
"date": "2021-05-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33574"
},
{
"date": "2021-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"date": "2021-12-15T15:22:36",
"db": "PACKETSTORM",
"id": "165288"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2022-03-15T15:41:45",
"db": "PACKETSTORM",
"id": "166308"
},
{
"date": "2022-03-15T15:44:21",
"db": "PACKETSTORM",
"id": "166309"
},
{
"date": "2022-02-18T16:37:39",
"db": "PACKETSTORM",
"id": "166051"
},
{
"date": "2021-12-02T16:06:16",
"db": "PACKETSTORM",
"id": "165129"
},
{
"date": "2021-11-17T15:25:40",
"db": "PACKETSTORM",
"id": "165002"
},
{
"date": "2021-11-30T14:44:48",
"db": "PACKETSTORM",
"id": "165099"
},
{
"date": "2021-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1666"
},
{
"date": "2021-05-25T22:15:10.410000",
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-393646"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33574"
},
{
"date": "2021-08-19T01:48:00",
"db": "JVNDB",
"id": "JVNDB-2021-002276"
},
{
"date": "2022-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1666"
},
{
"date": "2023-11-07T03:35:52.810000",
"db": "NVD",
"id": "CVE-2021-33574"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1666"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU\u00a0C\u00a0Library\u00a0 Vulnerabilities in the use of freed memory",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002276"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1666"
}
],
"trust": 0.6
}
}
VAR-201706-0334
Vulnerability from variot - Updated: 2024-07-23 20:13glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. glibc Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GNU glibc is prone to local memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code in the context of the application. GNU glibc 2.25 and prior versions are vulnerable. glibc (also known as GNU C Library, libc6) is an open source and free C language compiler released under the LGPL license agreement. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: glibc security update Advisory ID: RHSA-2017:1479-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1479 Issue date: 2017-06-19 CVE Names: CVE-2017-1000366 =====================================================================
- Summary:
An update for glibc is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 5.9 Long Life, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, and Red Hat Enterprise Linux 7.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.2) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server (v. 5 ELS) - i386, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es):
- A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)
Red Hat would like to thank Qualys Research Labs for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1452543 - CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations
- Package List:
Red Hat Enterprise Linux Long Life (v. 5.9 server):
Source: glibc-2.5-107.el5_9.9.src.rpm
i386: glibc-2.5-107.el5_9.9.i386.rpm glibc-2.5-107.el5_9.9.i686.rpm glibc-common-2.5-107.el5_9.9.i386.rpm glibc-debuginfo-2.5-107.el5_9.9.i386.rpm glibc-debuginfo-2.5-107.el5_9.9.i686.rpm glibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.i386.rpm glibc-headers-2.5-107.el5_9.9.i386.rpm glibc-utils-2.5-107.el5_9.9.i386.rpm nscd-2.5-107.el5_9.9.i386.rpm
ia64: glibc-2.5-107.el5_9.9.i686.rpm glibc-2.5-107.el5_9.9.ia64.rpm glibc-common-2.5-107.el5_9.9.ia64.rpm glibc-debuginfo-2.5-107.el5_9.9.i686.rpm glibc-debuginfo-2.5-107.el5_9.9.ia64.rpm glibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.ia64.rpm glibc-headers-2.5-107.el5_9.9.ia64.rpm glibc-utils-2.5-107.el5_9.9.ia64.rpm nscd-2.5-107.el5_9.9.ia64.rpm
x86_64: glibc-2.5-107.el5_9.9.i686.rpm glibc-2.5-107.el5_9.9.x86_64.rpm glibc-common-2.5-107.el5_9.9.x86_64.rpm glibc-debuginfo-2.5-107.el5_9.9.i386.rpm glibc-debuginfo-2.5-107.el5_9.9.i686.rpm glibc-debuginfo-2.5-107.el5_9.9.x86_64.rpm glibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.i386.rpm glibc-devel-2.5-107.el5_9.9.x86_64.rpm glibc-headers-2.5-107.el5_9.9.x86_64.rpm glibc-utils-2.5-107.el5_9.9.x86_64.rpm nscd-2.5-107.el5_9.9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 5 ELS):
Source: glibc-2.5-123.el5_11.4.src.rpm
i386: glibc-2.5-123.el5_11.4.i386.rpm glibc-2.5-123.el5_11.4.i686.rpm glibc-common-2.5-123.el5_11.4.i386.rpm glibc-debuginfo-2.5-123.el5_11.4.i386.rpm glibc-debuginfo-2.5-123.el5_11.4.i686.rpm glibc-debuginfo-common-2.5-123.el5_11.4.i386.rpm glibc-devel-2.5-123.el5_11.4.i386.rpm glibc-headers-2.5-123.el5_11.4.i386.rpm glibc-utils-2.5-123.el5_11.4.i386.rpm nscd-2.5-123.el5_11.4.i386.rpm
s390x: glibc-2.5-123.el5_11.4.s390.rpm glibc-2.5-123.el5_11.4.s390x.rpm glibc-common-2.5-123.el5_11.4.s390x.rpm glibc-debuginfo-2.5-123.el5_11.4.s390.rpm glibc-debuginfo-2.5-123.el5_11.4.s390x.rpm glibc-devel-2.5-123.el5_11.4.s390.rpm glibc-devel-2.5-123.el5_11.4.s390x.rpm glibc-headers-2.5-123.el5_11.4.s390x.rpm glibc-utils-2.5-123.el5_11.4.s390x.rpm nscd-2.5-123.el5_11.4.s390x.rpm
x86_64: glibc-2.5-123.el5_11.4.i686.rpm glibc-2.5-123.el5_11.4.x86_64.rpm glibc-common-2.5-123.el5_11.4.x86_64.rpm glibc-debuginfo-2.5-123.el5_11.4.i386.rpm glibc-debuginfo-2.5-123.el5_11.4.i686.rpm glibc-debuginfo-2.5-123.el5_11.4.x86_64.rpm glibc-debuginfo-common-2.5-123.el5_11.4.i386.rpm glibc-devel-2.5-123.el5_11.4.i386.rpm glibc-devel-2.5-123.el5_11.4.x86_64.rpm glibc-headers-2.5-123.el5_11.4.x86_64.rpm glibc-utils-2.5-123.el5_11.4.x86_64.rpm nscd-2.5-123.el5_11.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node EUS (v. 6.7):
Source: glibc-2.12-1.166.el6_7.8.src.rpm
x86_64: glibc-2.12-1.166.el6_7.8.i686.rpm glibc-2.12-1.166.el6_7.8.x86_64.rpm glibc-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-devel-2.12-1.166.el6_7.8.i686.rpm glibc-devel-2.12-1.166.el6_7.8.x86_64.rpm glibc-headers-2.12-1.166.el6_7.8.x86_64.rpm glibc-utils-2.12-1.166.el6_7.8.x86_64.rpm nscd-2.12-1.166.el6_7.8.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):
x86_64: glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-static-2.12-1.166.el6_7.8.i686.rpm glibc-static-2.12-1.166.el6_7.8.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: glibc-2.12-1.47.el6_2.18.src.rpm
x86_64: glibc-2.12-1.47.el6_2.18.i686.rpm glibc-2.12-1.47.el6_2.18.x86_64.rpm glibc-common-2.12-1.47.el6_2.18.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.18.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.x86_64.rpm glibc-devel-2.12-1.47.el6_2.18.i686.rpm glibc-devel-2.12-1.47.el6_2.18.x86_64.rpm glibc-headers-2.12-1.47.el6_2.18.x86_64.rpm glibc-utils-2.12-1.47.el6_2.18.x86_64.rpm nscd-2.12-1.47.el6_2.18.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.10.src.rpm
x86_64: glibc-2.12-1.107.el6_4.10.i686.rpm glibc-2.12-1.107.el6_4.10.x86_64.rpm glibc-common-2.12-1.107.el6_4.10.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.10.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.x86_64.rpm glibc-devel-2.12-1.107.el6_4.10.i686.rpm glibc-devel-2.12-1.107.el6_4.10.x86_64.rpm glibc-headers-2.12-1.107.el6_4.10.x86_64.rpm glibc-utils-2.12-1.107.el6_4.10.x86_64.rpm nscd-2.12-1.107.el6_4.10.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.9.src.rpm
x86_64: glibc-2.12-1.132.el6_5.9.i686.rpm glibc-2.12-1.132.el6_5.9.x86_64.rpm glibc-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-devel-2.12-1.132.el6_5.9.i686.rpm glibc-devel-2.12-1.132.el6_5.9.x86_64.rpm glibc-headers-2.12-1.132.el6_5.9.x86_64.rpm glibc-utils-2.12-1.132.el6_5.9.x86_64.rpm nscd-2.12-1.132.el6_5.9.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.9.src.rpm
x86_64: glibc-2.12-1.132.el6_5.9.i686.rpm glibc-2.12-1.132.el6_5.9.x86_64.rpm glibc-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-devel-2.12-1.132.el6_5.9.i686.rpm glibc-devel-2.12-1.132.el6_5.9.x86_64.rpm glibc-headers-2.12-1.132.el6_5.9.x86_64.rpm glibc-utils-2.12-1.132.el6_5.9.x86_64.rpm nscd-2.12-1.132.el6_5.9.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.6):
Source: glibc-2.12-1.149.el6_6.12.src.rpm
x86_64: glibc-2.12-1.149.el6_6.12.i686.rpm glibc-2.12-1.149.el6_6.12.x86_64.rpm glibc-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-devel-2.12-1.149.el6_6.12.i686.rpm glibc-devel-2.12-1.149.el6_6.12.x86_64.rpm glibc-headers-2.12-1.149.el6_6.12.x86_64.rpm glibc-utils-2.12-1.149.el6_6.12.x86_64.rpm nscd-2.12-1.149.el6_6.12.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 6.6):
Source: glibc-2.12-1.149.el6_6.12.src.rpm
x86_64: glibc-2.12-1.149.el6_6.12.i686.rpm glibc-2.12-1.149.el6_6.12.x86_64.rpm glibc-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-devel-2.12-1.149.el6_6.12.i686.rpm glibc-devel-2.12-1.149.el6_6.12.x86_64.rpm glibc-headers-2.12-1.149.el6_6.12.x86_64.rpm glibc-utils-2.12-1.149.el6_6.12.x86_64.rpm nscd-2.12-1.149.el6_6.12.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: glibc-2.12-1.166.el6_7.8.src.rpm
i386: glibc-2.12-1.166.el6_7.8.i686.rpm glibc-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-devel-2.12-1.166.el6_7.8.i686.rpm glibc-headers-2.12-1.166.el6_7.8.i686.rpm glibc-utils-2.12-1.166.el6_7.8.i686.rpm nscd-2.12-1.166.el6_7.8.i686.rpm
ppc64: glibc-2.12-1.166.el6_7.8.ppc.rpm glibc-2.12-1.166.el6_7.8.ppc64.rpm glibc-common-2.12-1.166.el6_7.8.ppc64.rpm glibc-debuginfo-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.8.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc64.rpm glibc-devel-2.12-1.166.el6_7.8.ppc.rpm glibc-devel-2.12-1.166.el6_7.8.ppc64.rpm glibc-headers-2.12-1.166.el6_7.8.ppc64.rpm glibc-utils-2.12-1.166.el6_7.8.ppc64.rpm nscd-2.12-1.166.el6_7.8.ppc64.rpm
s390x: glibc-2.12-1.166.el6_7.8.s390.rpm glibc-2.12-1.166.el6_7.8.s390x.rpm glibc-common-2.12-1.166.el6_7.8.s390x.rpm glibc-debuginfo-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.8.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390x.rpm glibc-devel-2.12-1.166.el6_7.8.s390.rpm glibc-devel-2.12-1.166.el6_7.8.s390x.rpm glibc-headers-2.12-1.166.el6_7.8.s390x.rpm glibc-utils-2.12-1.166.el6_7.8.s390x.rpm nscd-2.12-1.166.el6_7.8.s390x.rpm
x86_64: glibc-2.12-1.166.el6_7.8.i686.rpm glibc-2.12-1.166.el6_7.8.x86_64.rpm glibc-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-devel-2.12-1.166.el6_7.8.i686.rpm glibc-devel-2.12-1.166.el6_7.8.x86_64.rpm glibc-headers-2.12-1.166.el6_7.8.x86_64.rpm glibc-utils-2.12-1.166.el6_7.8.x86_64.rpm nscd-2.12-1.166.el6_7.8.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.2):
Source: glibc-2.12-1.47.el6_2.18.src.rpm
x86_64: glibc-debuginfo-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.18.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.18.x86_64.rpm glibc-static-2.12-1.47.el6_2.18.i686.rpm glibc-static-2.12-1.47.el6_2.18.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.10.src.rpm
x86_64: glibc-debuginfo-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.10.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.10.x86_64.rpm glibc-static-2.12-1.107.el6_4.10.i686.rpm glibc-static-2.12-1.107.el6_4.10.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.9.src.rpm
x86_64: glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-static-2.12-1.132.el6_5.9.i686.rpm glibc-static-2.12-1.132.el6_5.9.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.9.src.rpm
x86_64: glibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm glibc-static-2.12-1.132.el6_5.9.i686.rpm glibc-static-2.12-1.132.el6_5.9.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.6):
x86_64: glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-static-2.12-1.149.el6_6.12.i686.rpm glibc-static-2.12-1.149.el6_6.12.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 6.6):
x86_64: glibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm glibc-static-2.12-1.149.el6_6.12.i686.rpm glibc-static-2.12-1.149.el6_6.12.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.7):
i386: glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-static-2.12-1.166.el6_7.8.i686.rpm
ppc64: glibc-debuginfo-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.8.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.ppc64.rpm glibc-static-2.12-1.166.el6_7.8.ppc.rpm glibc-static-2.12-1.166.el6_7.8.ppc64.rpm
s390x: glibc-debuginfo-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.8.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.s390x.rpm glibc-static-2.12-1.166.el6_7.8.s390.rpm glibc-static-2.12-1.166.el6_7.8.s390x.rpm
x86_64: glibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm glibc-static-2.12-1.166.el6_7.8.i686.rpm glibc-static-2.12-1.166.el6_7.8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode EUS (v. 7.2):
Source: glibc-2.17-106.el7_2.9.src.rpm
x86_64: glibc-2.17-106.el7_2.9.i686.rpm glibc-2.17-106.el7_2.9.x86_64.rpm glibc-common-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-devel-2.17-106.el7_2.9.i686.rpm glibc-devel-2.17-106.el7_2.9.x86_64.rpm glibc-headers-2.17-106.el7_2.9.x86_64.rpm glibc-utils-2.17-106.el7_2.9.x86_64.rpm nscd-2.17-106.el7_2.9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2):
x86_64: glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-static-2.17-106.el7_2.9.i686.rpm glibc-static-2.17-106.el7_2.9.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: glibc-2.17-106.el7_2.9.src.rpm
ppc64: glibc-2.17-106.el7_2.9.ppc.rpm glibc-2.17-106.el7_2.9.ppc64.rpm glibc-common-2.17-106.el7_2.9.ppc64.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64.rpm glibc-devel-2.17-106.el7_2.9.ppc.rpm glibc-devel-2.17-106.el7_2.9.ppc64.rpm glibc-headers-2.17-106.el7_2.9.ppc64.rpm glibc-utils-2.17-106.el7_2.9.ppc64.rpm nscd-2.17-106.el7_2.9.ppc64.rpm
ppc64le: glibc-2.17-106.el7_2.9.ppc64le.rpm glibc-common-2.17-106.el7_2.9.ppc64le.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64le.rpm glibc-devel-2.17-106.el7_2.9.ppc64le.rpm glibc-headers-2.17-106.el7_2.9.ppc64le.rpm glibc-utils-2.17-106.el7_2.9.ppc64le.rpm nscd-2.17-106.el7_2.9.ppc64le.rpm
s390x: glibc-2.17-106.el7_2.9.s390.rpm glibc-2.17-106.el7_2.9.s390x.rpm glibc-common-2.17-106.el7_2.9.s390x.rpm glibc-debuginfo-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-2.17-106.el7_2.9.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390x.rpm glibc-devel-2.17-106.el7_2.9.s390.rpm glibc-devel-2.17-106.el7_2.9.s390x.rpm glibc-headers-2.17-106.el7_2.9.s390x.rpm glibc-utils-2.17-106.el7_2.9.s390x.rpm nscd-2.17-106.el7_2.9.s390x.rpm
x86_64: glibc-2.17-106.el7_2.9.i686.rpm glibc-2.17-106.el7_2.9.x86_64.rpm glibc-common-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-devel-2.17-106.el7_2.9.i686.rpm glibc-devel-2.17-106.el7_2.9.x86_64.rpm glibc-headers-2.17-106.el7_2.9.x86_64.rpm glibc-utils-2.17-106.el7_2.9.x86_64.rpm nscd-2.17-106.el7_2.9.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.2):
ppc64: glibc-debuginfo-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-2.17-106.el7_2.9.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64.rpm glibc-static-2.17-106.el7_2.9.ppc.rpm glibc-static-2.17-106.el7_2.9.ppc64.rpm
ppc64le: glibc-debuginfo-2.17-106.el7_2.9.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.9.ppc64le.rpm glibc-static-2.17-106.el7_2.9.ppc64le.rpm
s390x: glibc-debuginfo-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-2.17-106.el7_2.9.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.9.s390x.rpm glibc-static-2.17-106.el7_2.9.s390.rpm glibc-static-2.17-106.el7_2.9.s390x.rpm
x86_64: glibc-debuginfo-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm glibc-static-2.17-106.el7_2.9.i686.rpm glibc-static-2.17-106.el7_2.9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-1000366 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/stackguard
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZSDV3XlSAg2UNWIIRAibeAKC2QtxViqngTTBVM9fvG1XjRCkgwACgrHP1 PVr1sUH9RUhxrQOKQqWtnKY= =ywUB -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64
- For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
For the oldstable distribution (jessie), this problem has been fixed in version 2.19-18+deb8u10.
For the stable distribution (stretch), this problem has been fixed in version 2.24-11+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your glibc packages.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/glibc-2.23-i586-2_slack14.2.txz: Rebuilt. Applied upstream security hardening patches from git. patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz: Rebuilt. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-i18n-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-profile-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-solibs-2.23-x86_64-2_slack14.2.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.25-i586-3.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.25-x86_64-3.txz
MD5 signatures: +-------------+
Slackware 14.2 packages: 663f47dc7d0dfedb2ebf7c61d3f2272c glibc-2.23-i586-2_slack14.2.txz 078372f057f25a9208065ab79057e177 glibc-i18n-2.23-i586-2_slack14.2.txz f071cea4355537664e48208f4af62eaf glibc-profile-2.23-i586-2_slack14.2.txz ab57d435ca54b173a9e68f71212fc461 glibc-solibs-2.23-i586-2_slack14.2.txz
Slackware x86_64 14.2 packages: 1133b60a4c0ce35878a10bd4315fb648 glibc-2.23-x86_64-2_slack14.2.txz 089ce46a9649272054b9677a545db1e2 glibc-i18n-2.23-x86_64-2_slack14.2.txz 5ac5d520b831cd7f905302feab8d0e75 glibc-profile-2.23-x86_64-2_slack14.2.txz b8457b979d2a6652ce3c0362c2ec5638 glibc-solibs-2.23-x86_64-2_slack14.2.txz
Slackware -current packages: 4dc6a08ad5905dcab5dba980b57d6b84 a/glibc-solibs-2.25-i586-3.txz 48c6c4a925eda4dc598470721edced9c l/glibc-2.25-i586-3.txz 1afd5bdb86c5450b1429e5c3ce7c8fd1 l/glibc-i18n-2.25-i586-3.txz 55908b021b0fdf6f00027579b885eea0 l/glibc-profile-2.25-i586-3.txz
Slackware x86_64 -current packages: 1e479e2e03e837f66c95cacb2b7649f7 a/glibc-solibs-2.25-x86_64-3.txz ec307efb44585984181c4fe0ce01ce30 l/glibc-2.25-x86_64-3.txz 6503ac6fe173da8a2da47dcbd9c24bb1 l/glibc-i18n-2.25-x86_64-3.txz 22bc7dc3ec5b8b2bc0ca7aa2226a3094 l/glibc-profile-2.25-x86_64-3.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg glibc-*.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
Gentoo Linux Security Advisory GLSA 201706-19
https://security.gentoo.org/
Severity: High Title: GNU C Library: Multiple vulnerabilities Date: June 20, 2017 Bugs: #608698, #608706, #622220 ID: 201706-19
Synopsis
Multiple vulnerabilities have been found in the GNU C Library, the worst of which may allow execution of arbitrary code.
Background
The GNU C library is the standard C library used by Gentoo Linux systems.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-libs/glibc < 2.23-r4 >= 2.23-r4
Description
Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers and Qualys' security advisory referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All GNU C Library users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.23-r4"
References
[ 1 ] CVE-2015-5180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180 [ 2 ] CVE-2016-6323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323 [ 3 ] CVE-2017-1000366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366 [ 4 ] Qualys Security Advisory - The Stack Clash https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--cxbO5eT2swQBqr8k9tc6wcfapgLAJb4xR--
. SEC Consult Vulnerability Lab Security Advisory < 20190904-0 >
title: Multiple vulnerabilities
product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,
Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,
Cisco 160W
vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15 fixed version: see "Solution" CVE number: - impact: High homepage: https://www.cisco.com/ found: 2019-05-15 by: T. Weber, S. Viehböck (Office Vienna) IoT Inspector SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Europe | Asia | North America
https://www.sec-consult.com
=======================================================================
Vendor description:
"Securely connecting your small business to the outside world is as important as connecting your internal network devices to one another. Cisco Small Business RV Series Routers offer virtual private networking (VPN) technology so your remote workers can connect to your network through a secure Internet pathway."
Source: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html
Business recommendation:
We want to thank Cisco for the very quick and professional response and great coordination. Customers are urged to update the firmware of their devices.
Vulnerability overview/description:
1) Hardcoded Credentials The device contains hardcoded users and passwords which can be used to login via SSH on an emulated device at least.
During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2015-7547, "getaddrinfo() buffer overflow") was verified by using the MEDUSA scalable firmware runtime.
3) Known BusyBox Vulnerabilities The used BusyBox toolkit in version 1.23.2 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2017-16544) was verified by using the MEDUSA scaleable firmware runtime.
4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot
Proof of concept:
1) Hardcoded Credentials The following hardcoded hashes were found in the 'shadow' file of the firmware: root:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7::: debug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7::: [...]
The undocumented user 'debug-admin' is also contained in this file.
Starting the dropbear daemon as background process on emulated firmware:
dropbear -E
[1109] Running in background
[1112] Child connection from :52718
[1112] /var must be owned by user or root, and not writable by others [1112] Password auth succeeded for 'debug-admin' from :52718
Log on via another host connected to the same network. For this PoC the password of the debug-admin was changed in the 'shadow' file.
[root@localhost medusa]# ssh debug-admin@ /bin/ash -i debug-admin@'s password: /bin/ash: can't access tty; job control turned off
BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)
/tmp $
The 'debug-admin' user has the same privileges like 'root'. This can be determined from the corresponding sudoers file in the firmware: [...]
User privilege specification
root ALL=(ALL) ALL debug-admin ALL=(ALL) ALL
Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
[...]
During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions.
The getaddrinfo() buffer overflow vulnerability was checked with the help of the exploit code from https://github.com/fjserna/CVE-2015-7547. It was compiled and executed on the emulated device to test the system.
python cve-2015-7547-poc.py &
[1] 961
chroot /medusa_rootfs/ bin/ash
BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)
gdb cve-2015-7547_glibc_getaddrinfo
[...] [UDP] Total Data len recv 36 [UDP] Total Data len recv 36 Connected with 127.0.0.1:41782 [TCP] Total Data len recv 76 [TCP] Request1 len recv 36 [TCP] Request2 len recv 36 Cannot access memory at address 0x4
Program received signal SIGSEGV, Segmentation fault. 0x76f1fd58 in ?? () from /lib/libc.so.6 (gdb)
References: https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://github.com/fjserna/CVE-2015-7547
3) Known BusyBox Vulnerabilities BusyBox version 1.23.2 contains multiple CVEs like: CVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679, CVE-2017-16544 and CVE-2019-5747. The BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on an emulated device:
A file with the name "\ectest\n\e]55;test.txt\a" was created to trigger the vulnerability.
ls "pressing "
test ]55;test.txt
4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot
The summary is below: IoT Inspector Vulnerability #1 BusyBox CVE entries Outdated BusyBox version is affected by 7 published CVEs.
IoT Inspector Vulnerability #2 curl CVE entries Outdated curl version is affected by 35 published CVEs.
IoT Inspector Vulnerability #5 Hardcoded password hashes Firmware contains multiple hardcoded credentials.
IoT Inspector Vulnerability #6 Linux Kernel CVE entries Outdated Linux Kernel version affected by 512 published CVEs.
IoT Inspector Vulnerability #7 MiniUPnPd CVE entries Outdated MiniUPnPd version affected by 2 published CVEs.
IoT Inspector Vulnerability #8 Dnsmasq CVE entries Outdated MiniUPnPd version affected by 1 published CVE.
IoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation “pp_key” Outdated Linux Kernel version is affected by CVE-2015-7547.
IoT Inspector Vulnerability #10 OpenSSL CVE entries Outdated OpenSSL version affected by 6 published CVEs.
Vulnerable / tested versions:
The following firmware versions have been tested with IoT Inspector and firmware emulation techniques: Cisco RV340 / 1.0.02.16 Cisco RV340W / 1.0.02.16 Cisco RV345 / 1.0.02.16 Cisco RV345P / 1.0.02.16 The following firmware versions have been tested with IoT Inspector only: Cisco RV260 / 1.0.00.15 Cisco RV260P / 1.0.00.15 Cisco RV260W / 1.0.00.15 Cisco RV160 / 1.0.00.15 Cisco RV160P / 1.0.00.15
The firmware was obtained from the vendor website: https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16 https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15
Vendor contact timeline:
2019-05-15: Contacting vendor through psirt@cisco.com. 2019-05-16: Vendor confirmed the receipt. 2019-05-2019-08: Periodic updates about the investigation from the vendor. Clarification which of the reported issues will be fixed. 2019-08-20: The vendor proposed the next possible publication date for the advisory for 2019-09-04. The vendor added the RV160 and RV260 router series to be vulnerable to the same issues too. 2019-09-04: Coordinated advisory release.
Solution:
Upgrade to the newest available firmware version.
Additionally, the vendor provides the following security notice: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter
Workaround:
None.
Advisory URL:
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
SEC Consult Vulnerability Lab
SEC Consult
Europe | Asia | North America
About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
EOF T. Weber / @2019
. Description:
Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options.
Security Fix(es):
- It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. (CVE-2017-7512)
The underlying container image was also rebuilt to resolve other security issues. Solution:
To apply this security fix, use the updated docker images. Bugs fixed (https://bugzilla.redhat.com/):
1457997 - CVE-2017-7512 3scale AMP: validation bypass in oauth
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.6,
"vendor": "suse",
"version": "11.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "web gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.6.2.14"
},
{
"model": "enterprise linux server long life",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.0.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "glibc",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.25"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "web gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.2"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "cloud magnum orchestration",
"scope": "eq",
"trust": 1.0,
"vendor": "openstack",
"version": "7"
},
{
"model": "suse linux enterprise point of sale",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "12.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux enterprise server for raspberry pi",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "linux enterprise for sap",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "c library",
"scope": "lte",
"trust": 0.8,
"vendor": "gnu",
"version": "2.25"
},
{
"model": "cloud magnum orchestration",
"scope": null,
"trust": 0.8,
"vendor": "openstack",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "linux enterprise desktop",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "linux enterprise for sap",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "linux enterprise point of sale",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "linux enterprise server",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "linux enterprise server for raspberry pi",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "linux enterprise software development kit",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "openstack cloud",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux aus",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux eus",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux long life",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server eus",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.4"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.7"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.7.2.2"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2.4"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2.3"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2.2"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2.14"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.22.90"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.12.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.12.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.11.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.11.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.10.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.5"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.4"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.3"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.1.9"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.1.3-10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.1.3"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.1.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.1.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0.6"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0.5"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0.4"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0.3"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.25"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.24"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.23"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.22"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.21"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.20"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.19"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.18"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.17"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.16"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.15"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.14.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.14"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.13"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.12"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.11.3"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.11"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.1.3.10"
},
{
"model": "cfengine",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.2.3"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.7.2.3"
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.6.2.15"
}
],
"sources": [
{
"db": "BID",
"id": "99127"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
},
{
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_long_life:5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_for_sap:12:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:cloud_magnum_orchestration:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.2.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.7.2.2",
"versionStartIncluding": "7.7.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "T. Weber",
"sources": [
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
}
],
"trust": 0.7
},
"cve": "CVE-2017-1000366",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-1000366",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-100094",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-1000366",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-1000366",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-808",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-100094",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-100094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
},
{
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. glibc Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GNU glibc is prone to local memory-corruption vulnerability. \nAn attacker could exploit this issue to execute arbitrary code in the context of the application. \nGNU glibc 2.25 and prior versions are vulnerable. glibc (also known as GNU C Library, libc6) is an open source and free C language compiler released under the LGPL license agreement. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: glibc security update\nAdvisory ID: RHSA-2017:1479-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1479\nIssue date: 2017-06-19\nCVE Names: CVE-2017-1000366 \n=====================================================================\n\n1. Summary:\n\nAn update for glibc is now available for Red Hat Enterprise Linux 5\nExtended Lifecycle Support, Red Hat Enterprise Linux 5.9 Long Life, Red Hat\nEnterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4\nAdvanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red\nHat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux\n6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended\nUpdate Support, and Red Hat Enterprise Linux 7.2 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, x86_64\nRed Hat Enterprise Linux Server (v. 5 ELS) - i386, s390x, x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.2) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.6) - x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the name\nservice cache daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nSecurity Fix(es):\n\n* A flaw was found in the way memory was being allocated on the stack for\nuser space binaries. If heap (or different memory region) and stack memory\nregions were adjacent to each other, an attacker could use this flaw to\njump over the stack guard gap, cause controlled memory corruption on\nprocess stack or the adjacent memory region, and thus increase their\nprivileges on the system. This is glibc-side mitigation which blocks\nprocessing of LD_LIBRARY_PATH for programs running in secure-execution mode\nand reduces the number of allocations performed by the processing of\nLD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of\nthis issue more difficult. (CVE-2017-1000366)\n\nRed Hat would like to thank Qualys Research Labs for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the glibc library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1452543 - CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations\n\n6. Package List:\n\nRed Hat Enterprise Linux Long Life (v. 5.9 server):\n\nSource:\nglibc-2.5-107.el5_9.9.src.rpm\n\ni386:\nglibc-2.5-107.el5_9.9.i386.rpm\nglibc-2.5-107.el5_9.9.i686.rpm\nglibc-common-2.5-107.el5_9.9.i386.rpm\nglibc-debuginfo-2.5-107.el5_9.9.i386.rpm\nglibc-debuginfo-2.5-107.el5_9.9.i686.rpm\nglibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm\nglibc-devel-2.5-107.el5_9.9.i386.rpm\nglibc-headers-2.5-107.el5_9.9.i386.rpm\nglibc-utils-2.5-107.el5_9.9.i386.rpm\nnscd-2.5-107.el5_9.9.i386.rpm\n\nia64:\nglibc-2.5-107.el5_9.9.i686.rpm\nglibc-2.5-107.el5_9.9.ia64.rpm\nglibc-common-2.5-107.el5_9.9.ia64.rpm\nglibc-debuginfo-2.5-107.el5_9.9.i686.rpm\nglibc-debuginfo-2.5-107.el5_9.9.ia64.rpm\nglibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm\nglibc-devel-2.5-107.el5_9.9.ia64.rpm\nglibc-headers-2.5-107.el5_9.9.ia64.rpm\nglibc-utils-2.5-107.el5_9.9.ia64.rpm\nnscd-2.5-107.el5_9.9.ia64.rpm\n\nx86_64:\nglibc-2.5-107.el5_9.9.i686.rpm\nglibc-2.5-107.el5_9.9.x86_64.rpm\nglibc-common-2.5-107.el5_9.9.x86_64.rpm\nglibc-debuginfo-2.5-107.el5_9.9.i386.rpm\nglibc-debuginfo-2.5-107.el5_9.9.i686.rpm\nglibc-debuginfo-2.5-107.el5_9.9.x86_64.rpm\nglibc-debuginfo-common-2.5-107.el5_9.9.i386.rpm\nglibc-devel-2.5-107.el5_9.9.i386.rpm\nglibc-devel-2.5-107.el5_9.9.x86_64.rpm\nglibc-headers-2.5-107.el5_9.9.x86_64.rpm\nglibc-utils-2.5-107.el5_9.9.x86_64.rpm\nnscd-2.5-107.el5_9.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 5 ELS):\n\nSource:\nglibc-2.5-123.el5_11.4.src.rpm\n\ni386:\nglibc-2.5-123.el5_11.4.i386.rpm\nglibc-2.5-123.el5_11.4.i686.rpm\nglibc-common-2.5-123.el5_11.4.i386.rpm\nglibc-debuginfo-2.5-123.el5_11.4.i386.rpm\nglibc-debuginfo-2.5-123.el5_11.4.i686.rpm\nglibc-debuginfo-common-2.5-123.el5_11.4.i386.rpm\nglibc-devel-2.5-123.el5_11.4.i386.rpm\nglibc-headers-2.5-123.el5_11.4.i386.rpm\nglibc-utils-2.5-123.el5_11.4.i386.rpm\nnscd-2.5-123.el5_11.4.i386.rpm\n\ns390x:\nglibc-2.5-123.el5_11.4.s390.rpm\nglibc-2.5-123.el5_11.4.s390x.rpm\nglibc-common-2.5-123.el5_11.4.s390x.rpm\nglibc-debuginfo-2.5-123.el5_11.4.s390.rpm\nglibc-debuginfo-2.5-123.el5_11.4.s390x.rpm\nglibc-devel-2.5-123.el5_11.4.s390.rpm\nglibc-devel-2.5-123.el5_11.4.s390x.rpm\nglibc-headers-2.5-123.el5_11.4.s390x.rpm\nglibc-utils-2.5-123.el5_11.4.s390x.rpm\nnscd-2.5-123.el5_11.4.s390x.rpm\n\nx86_64:\nglibc-2.5-123.el5_11.4.i686.rpm\nglibc-2.5-123.el5_11.4.x86_64.rpm\nglibc-common-2.5-123.el5_11.4.x86_64.rpm\nglibc-debuginfo-2.5-123.el5_11.4.i386.rpm\nglibc-debuginfo-2.5-123.el5_11.4.i686.rpm\nglibc-debuginfo-2.5-123.el5_11.4.x86_64.rpm\nglibc-debuginfo-common-2.5-123.el5_11.4.i386.rpm\nglibc-devel-2.5-123.el5_11.4.i386.rpm\nglibc-devel-2.5-123.el5_11.4.x86_64.rpm\nglibc-headers-2.5-123.el5_11.4.x86_64.rpm\nglibc-utils-2.5-123.el5_11.4.x86_64.rpm\nnscd-2.5-123.el5_11.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7):\n\nSource:\nglibc-2.12-1.166.el6_7.8.src.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.8.i686.rpm\nglibc-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.8.i686.rpm\nglibc-devel-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.8.x86_64.rpm\nnscd-2.12-1.166.el6_7.8.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.8.i686.rpm\nglibc-static-2.12-1.166.el6_7.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\nglibc-2.12-1.47.el6_2.18.src.rpm\n\nx86_64:\nglibc-2.12-1.47.el6_2.18.i686.rpm\nglibc-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-common-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-debuginfo-2.12-1.47.el6_2.18.i686.rpm\nglibc-debuginfo-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.18.i686.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-devel-2.12-1.47.el6_2.18.i686.rpm\nglibc-devel-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-headers-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-utils-2.12-1.47.el6_2.18.x86_64.rpm\nnscd-2.12-1.47.el6_2.18.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nglibc-2.12-1.107.el6_4.10.src.rpm\n\nx86_64:\nglibc-2.12-1.107.el6_4.10.i686.rpm\nglibc-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-common-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-debuginfo-2.12-1.107.el6_4.10.i686.rpm\nglibc-debuginfo-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.10.i686.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-devel-2.12-1.107.el6_4.10.i686.rpm\nglibc-devel-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-headers-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-utils-2.12-1.107.el6_4.10.x86_64.rpm\nnscd-2.12-1.107.el6_4.10.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.9.src.rpm\n\nx86_64:\nglibc-2.12-1.132.el6_5.9.i686.rpm\nglibc-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-common-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-devel-2.12-1.132.el6_5.9.i686.rpm\nglibc-devel-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-headers-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-utils-2.12-1.132.el6_5.9.x86_64.rpm\nnscd-2.12-1.132.el6_5.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.9.src.rpm\n\nx86_64:\nglibc-2.12-1.132.el6_5.9.i686.rpm\nglibc-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-common-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-devel-2.12-1.132.el6_5.9.i686.rpm\nglibc-devel-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-headers-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-utils-2.12-1.132.el6_5.9.x86_64.rpm\nnscd-2.12-1.132.el6_5.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.6):\n\nSource:\nglibc-2.12-1.149.el6_6.12.src.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.12.i686.rpm\nglibc-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.12.i686.rpm\nglibc-devel-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.12.x86_64.rpm\nnscd-2.12-1.149.el6_6.12.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.6):\n\nSource:\nglibc-2.12-1.149.el6_6.12.src.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.12.i686.rpm\nglibc-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.12.i686.rpm\nglibc-devel-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.12.x86_64.rpm\nnscd-2.12-1.149.el6_6.12.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nglibc-2.12-1.166.el6_7.8.src.rpm\n\ni386:\nglibc-2.12-1.166.el6_7.8.i686.rpm\nglibc-common-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm\nglibc-devel-2.12-1.166.el6_7.8.i686.rpm\nglibc-headers-2.12-1.166.el6_7.8.i686.rpm\nglibc-utils-2.12-1.166.el6_7.8.i686.rpm\nnscd-2.12-1.166.el6_7.8.i686.rpm\n\nppc64:\nglibc-2.12-1.166.el6_7.8.ppc.rpm\nglibc-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-common-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.ppc.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.ppc.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-devel-2.12-1.166.el6_7.8.ppc.rpm\nglibc-devel-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-headers-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-utils-2.12-1.166.el6_7.8.ppc64.rpm\nnscd-2.12-1.166.el6_7.8.ppc64.rpm\n\ns390x:\nglibc-2.12-1.166.el6_7.8.s390.rpm\nglibc-2.12-1.166.el6_7.8.s390x.rpm\nglibc-common-2.12-1.166.el6_7.8.s390x.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.s390.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.s390x.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.s390.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.s390x.rpm\nglibc-devel-2.12-1.166.el6_7.8.s390.rpm\nglibc-devel-2.12-1.166.el6_7.8.s390x.rpm\nglibc-headers-2.12-1.166.el6_7.8.s390x.rpm\nglibc-utils-2.12-1.166.el6_7.8.s390x.rpm\nnscd-2.12-1.166.el6_7.8.s390x.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.8.i686.rpm\nglibc-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.8.i686.rpm\nglibc-devel-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.8.x86_64.rpm\nnscd-2.12-1.166.el6_7.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2):\n\nSource:\nglibc-2.12-1.47.el6_2.18.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.47.el6_2.18.i686.rpm\nglibc-debuginfo-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.18.i686.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.18.x86_64.rpm\nglibc-static-2.12-1.47.el6_2.18.i686.rpm\nglibc-static-2.12-1.47.el6_2.18.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nSource:\nglibc-2.12-1.107.el6_4.10.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.107.el6_4.10.i686.rpm\nglibc-debuginfo-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.10.i686.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.10.x86_64.rpm\nglibc-static-2.12-1.107.el6_4.10.i686.rpm\nglibc-static-2.12-1.107.el6_4.10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.9.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-static-2.12-1.132.el6_5.9.i686.rpm\nglibc-static-2.12-1.132.el6_5.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.9.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.9.x86_64.rpm\nglibc-static-2.12-1.132.el6_5.9.i686.rpm\nglibc-static-2.12-1.132.el6_5.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6):\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.12.i686.rpm\nglibc-static-2.12-1.149.el6_6.12.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6):\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.12.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.12.i686.rpm\nglibc-static-2.12-1.149.el6_6.12.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7):\n\ni386:\nglibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm\nglibc-static-2.12-1.166.el6_7.8.i686.rpm\n\nppc64:\nglibc-debuginfo-2.12-1.166.el6_7.8.ppc.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.ppc.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.ppc64.rpm\nglibc-static-2.12-1.166.el6_7.8.ppc.rpm\nglibc-static-2.12-1.166.el6_7.8.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.12-1.166.el6_7.8.s390.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.s390x.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.s390.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.s390x.rpm\nglibc-static-2.12-1.166.el6_7.8.s390.rpm\nglibc-static-2.12-1.166.el6_7.8.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.8.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.8.i686.rpm\nglibc-static-2.12-1.166.el6_7.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.2):\n\nSource:\nglibc-2.17-106.el7_2.9.src.rpm\n\nx86_64:\nglibc-2.17-106.el7_2.9.i686.rpm\nglibc-2.17-106.el7_2.9.x86_64.rpm\nglibc-common-2.17-106.el7_2.9.x86_64.rpm\nglibc-debuginfo-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm\nglibc-devel-2.17-106.el7_2.9.i686.rpm\nglibc-devel-2.17-106.el7_2.9.x86_64.rpm\nglibc-headers-2.17-106.el7_2.9.x86_64.rpm\nglibc-utils-2.17-106.el7_2.9.x86_64.rpm\nnscd-2.17-106.el7_2.9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2):\n\nx86_64:\nglibc-debuginfo-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm\nglibc-static-2.17-106.el7_2.9.i686.rpm\nglibc-static-2.17-106.el7_2.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nglibc-2.17-106.el7_2.9.src.rpm\n\nppc64:\nglibc-2.17-106.el7_2.9.ppc.rpm\nglibc-2.17-106.el7_2.9.ppc64.rpm\nglibc-common-2.17-106.el7_2.9.ppc64.rpm\nglibc-debuginfo-2.17-106.el7_2.9.ppc.rpm\nglibc-debuginfo-2.17-106.el7_2.9.ppc64.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.ppc.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.ppc64.rpm\nglibc-devel-2.17-106.el7_2.9.ppc.rpm\nglibc-devel-2.17-106.el7_2.9.ppc64.rpm\nglibc-headers-2.17-106.el7_2.9.ppc64.rpm\nglibc-utils-2.17-106.el7_2.9.ppc64.rpm\nnscd-2.17-106.el7_2.9.ppc64.rpm\n\nppc64le:\nglibc-2.17-106.el7_2.9.ppc64le.rpm\nglibc-common-2.17-106.el7_2.9.ppc64le.rpm\nglibc-debuginfo-2.17-106.el7_2.9.ppc64le.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.ppc64le.rpm\nglibc-devel-2.17-106.el7_2.9.ppc64le.rpm\nglibc-headers-2.17-106.el7_2.9.ppc64le.rpm\nglibc-utils-2.17-106.el7_2.9.ppc64le.rpm\nnscd-2.17-106.el7_2.9.ppc64le.rpm\n\ns390x:\nglibc-2.17-106.el7_2.9.s390.rpm\nglibc-2.17-106.el7_2.9.s390x.rpm\nglibc-common-2.17-106.el7_2.9.s390x.rpm\nglibc-debuginfo-2.17-106.el7_2.9.s390.rpm\nglibc-debuginfo-2.17-106.el7_2.9.s390x.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.s390.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.s390x.rpm\nglibc-devel-2.17-106.el7_2.9.s390.rpm\nglibc-devel-2.17-106.el7_2.9.s390x.rpm\nglibc-headers-2.17-106.el7_2.9.s390x.rpm\nglibc-utils-2.17-106.el7_2.9.s390x.rpm\nnscd-2.17-106.el7_2.9.s390x.rpm\n\nx86_64:\nglibc-2.17-106.el7_2.9.i686.rpm\nglibc-2.17-106.el7_2.9.x86_64.rpm\nglibc-common-2.17-106.el7_2.9.x86_64.rpm\nglibc-debuginfo-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm\nglibc-devel-2.17-106.el7_2.9.i686.rpm\nglibc-devel-2.17-106.el7_2.9.x86_64.rpm\nglibc-headers-2.17-106.el7_2.9.x86_64.rpm\nglibc-utils-2.17-106.el7_2.9.x86_64.rpm\nnscd-2.17-106.el7_2.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.2):\n\nppc64:\nglibc-debuginfo-2.17-106.el7_2.9.ppc.rpm\nglibc-debuginfo-2.17-106.el7_2.9.ppc64.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.ppc.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.ppc64.rpm\nglibc-static-2.17-106.el7_2.9.ppc.rpm\nglibc-static-2.17-106.el7_2.9.ppc64.rpm\n\nppc64le:\nglibc-debuginfo-2.17-106.el7_2.9.ppc64le.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.ppc64le.rpm\nglibc-static-2.17-106.el7_2.9.ppc64le.rpm\n\ns390x:\nglibc-debuginfo-2.17-106.el7_2.9.s390.rpm\nglibc-debuginfo-2.17-106.el7_2.9.s390x.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.s390.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.s390x.rpm\nglibc-static-2.17-106.el7_2.9.s390.rpm\nglibc-static-2.17-106.el7_2.9.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-2.17-106.el7_2.9.x86_64.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.i686.rpm\nglibc-debuginfo-common-2.17-106.el7_2.9.x86_64.rpm\nglibc-static-2.17-106.el7_2.9.i686.rpm\nglibc-static-2.17-106.el7_2.9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-1000366\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/stackguard\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZSDV3XlSAg2UNWIIRAibeAKC2QtxViqngTTBVM9fvG1XjRCkgwACgrHP1\nPVr1sUH9RUhxrQOKQqWtnKY=\n=ywUB\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. For the full details, please refer to their advisory\npublished at:\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.19-18+deb8u10. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.24-11+deb9u1. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your glibc packages. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/glibc-2.23-i586-2_slack14.2.txz: Rebuilt. \n Applied upstream security hardening patches from git. \npatches/packages/glibc-profile-2.23-i586-2_slack14.2.txz: Rebuilt. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-2.23-i586-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-2.23-x86_64-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-i18n-2.23-x86_64-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-profile-2.23-x86_64-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-solibs-2.23-x86_64-2_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.25-i586-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.25-i586-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.25-i586-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.25-i586-3.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.25-x86_64-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.25-x86_64-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.25-x86_64-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.25-x86_64-3.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n663f47dc7d0dfedb2ebf7c61d3f2272c glibc-2.23-i586-2_slack14.2.txz\n078372f057f25a9208065ab79057e177 glibc-i18n-2.23-i586-2_slack14.2.txz\nf071cea4355537664e48208f4af62eaf glibc-profile-2.23-i586-2_slack14.2.txz\nab57d435ca54b173a9e68f71212fc461 glibc-solibs-2.23-i586-2_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n1133b60a4c0ce35878a10bd4315fb648 glibc-2.23-x86_64-2_slack14.2.txz\n089ce46a9649272054b9677a545db1e2 glibc-i18n-2.23-x86_64-2_slack14.2.txz\n5ac5d520b831cd7f905302feab8d0e75 glibc-profile-2.23-x86_64-2_slack14.2.txz\nb8457b979d2a6652ce3c0362c2ec5638 glibc-solibs-2.23-x86_64-2_slack14.2.txz\n\nSlackware -current packages:\n4dc6a08ad5905dcab5dba980b57d6b84 a/glibc-solibs-2.25-i586-3.txz\n48c6c4a925eda4dc598470721edced9c l/glibc-2.25-i586-3.txz\n1afd5bdb86c5450b1429e5c3ce7c8fd1 l/glibc-i18n-2.25-i586-3.txz\n55908b021b0fdf6f00027579b885eea0 l/glibc-profile-2.25-i586-3.txz\n\nSlackware x86_64 -current packages:\n1e479e2e03e837f66c95cacb2b7649f7 a/glibc-solibs-2.25-x86_64-3.txz\nec307efb44585984181c4fe0ce01ce30 l/glibc-2.25-x86_64-3.txz\n6503ac6fe173da8a2da47dcbd9c24bb1 l/glibc-i18n-2.25-x86_64-3.txz\n22bc7dc3ec5b8b2bc0ca7aa2226a3094 l/glibc-profile-2.25-x86_64-3.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg glibc-*.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201706-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: GNU C Library: Multiple vulnerabilities\n Date: June 20, 2017\n Bugs: #608698, #608706, #622220\n ID: 201706-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the GNU C Library, the\nworst of which may allow execution of arbitrary code. \n\nBackground\n==========\n\nThe GNU C library is the standard C library used by Gentoo Linux\nsystems. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-libs/glibc \u003c 2.23-r4 \u003e= 2.23-r4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the GNU C Library. \nPlease review the CVE identifiers and Qualys\u0027 security advisory\nreferenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll GNU C Library users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-libs/glibc-2.23-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-5180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180\n[ 2 ] CVE-2016-6323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323\n[ 3 ] CVE-2017-1000366\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366\n[ 4 ] Qualys Security Advisory - The Stack Clash\n https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201706-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n--cxbO5eT2swQBqr8k9tc6wcfapgLAJb4xR--\n\n. SEC Consult Vulnerability Lab Security Advisory \u003c 20190904-0 \u003e\n=======================================================================\n title: Multiple vulnerabilities\n product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,\n Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,\n Cisco 160W\n vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15\n fixed version: see \"Solution\"\n CVE number: -\n impact: High\n homepage: https://www.cisco.com/\n found: 2019-05-15\n by: T. Weber, S. Viehb\u00f6ck (Office Vienna)\n IoT Inspector\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Securely connecting your small business to the outside world is as important\nas connecting your internal network devices to one another. Cisco Small\nBusiness RV Series Routers offer virtual private networking (VPN) technology\nso your remote workers can connect to your network through a secure Internet\npathway.\"\n\nSource: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html\n\n\nBusiness recommendation:\n------------------------\nWe want to thank Cisco for the very quick and professional response and great\ncoordination. Customers are urged to update the firmware of their devices. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Hardcoded Credentials\nThe device contains hardcoded users and passwords which can be used to login\nvia SSH on an emulated device at least. \n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. The outdated version was found by IoT Inspector. One of\nthe discovered vulnerabilities (CVE-2015-7547, \"getaddrinfo() buffer overflow\")\nwas verified by using the MEDUSA scalable firmware runtime. \n\n3) Known BusyBox Vulnerabilities\nThe used BusyBox toolkit in version 1.23.2 is outdated and contains multiple\nknown vulnerabilities. The outdated version was found by IoT Inspector. \nOne of the discovered vulnerabilities (CVE-2017-16544) was verified by using\nthe MEDUSA scaleable firmware runtime. \n\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\n\nProof of concept:\n-----------------\n1) Hardcoded Credentials\nThe following hardcoded hashes were found in the \u0027shadow\u0027 file of the firmware:\nroot:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7:::\ndebug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7:::\n[...]\n\nThe undocumented user \u0027debug-admin\u0027 is also contained in this file. \n\nStarting the dropbear daemon as background process on emulated firmware:\n-------------------------------------------------------------------------------\n# dropbear -E\n# [1109] \u003ctimestamp\u003e Running in background\n#\n# [1112] \u003ctimestamp\u003e Child connection from \u003cIP\u003e:52718\n[1112] \u003ctimestamp\u003e /var must be owned by user or root, and not writable by others\n[1112] \u003ctimestamp\u003e Password auth succeeded for \u0027debug-admin\u0027 from \u003cIP\u003e:52718\n-------------------------------------------------------------------------------\n\nLog on via another host connected to the same network. For this PoC the\npassword of the debug-admin was changed in the \u0027shadow\u0027 file. \n-------------------------------------------------------------------------------\n[root@localhost medusa]# ssh debug-admin@\u003cIP\u003e /bin/ash -i\ndebug-admin@\u003cIP\u003e\u0027s password:\n/bin/ash: can\u0027t access tty; job control turned off\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n/tmp $\n-------------------------------------------------------------------------------\n\nThe \u0027debug-admin\u0027 user has the same privileges like \u0027root\u0027. This can be\ndetermined from the corresponding sudoers file in the firmware:\n[...]\n## User privilege specification\n##\nroot ALL=(ALL) ALL\ndebug-admin ALL=(ALL) ALL\n\n## Uncomment to allow members of group wheel to execute any command\n# %wheel ALL=(ALL) ALL\n[...]\n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. \n\nThe getaddrinfo() buffer overflow vulnerability was checked with the help of\nthe exploit code from https://github.com/fjserna/CVE-2015-7547. It was compiled\nand executed on the emulated device to test the system. \n\n# python cve-2015-7547-poc.py \u0026\n[1] 961\n# chroot /medusa_rootfs/ bin/ash\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n# gdb cve-2015-7547_glibc_getaddrinfo\n[...]\n[UDP] Total Data len recv 36\n[UDP] Total Data len recv 36\nConnected with 127.0.0.1:41782\n[TCP] Total Data len recv 76\n[TCP] Request1 len recv 36\n[TCP] Request2 len recv 36\nCannot access memory at address 0x4\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x76f1fd58 in ?? () from /lib/libc.so.6\n(gdb)\n\nReferences:\nhttps://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\nhttps://github.com/fjserna/CVE-2015-7547\n\n\n3) Known BusyBox Vulnerabilities\nBusyBox version 1.23.2 contains multiple CVEs like:\nCVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679,\nCVE-2017-16544 and CVE-2019-5747. \nThe BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on\nan emulated device:\n\nA file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created to trigger the\nvulnerability. \n-------------------------------------------------------------------------------\n# ls \"pressing \u003cTAB\u003e\"\ntest\n]55;test.txt\n#\n-------------------------------------------------------------------------------\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\nThe summary is below:\nIoT Inspector Vulnerability #1 BusyBox CVE entries\nOutdated BusyBox version is affected by 7 published CVEs. \n\nIoT Inspector Vulnerability #2 curl CVE entries\nOutdated curl version is affected by 35 published CVEs. \n\nIoT Inspector Vulnerability #5 Hardcoded password hashes\nFirmware contains multiple hardcoded credentials. \n\nIoT Inspector Vulnerability #6 Linux Kernel CVE entries\nOutdated Linux Kernel version affected by 512 published CVEs. \n\nIoT Inspector Vulnerability #7 MiniUPnPd CVE entries\nOutdated MiniUPnPd version affected by 2 published CVEs. \n\nIoT Inspector Vulnerability #8 Dnsmasq CVE entries\nOutdated MiniUPnPd version affected by 1 published CVE. \n\nIoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation \u201cpp_key\u201d\nOutdated Linux Kernel version is affected by CVE-2015-7547. \n\nIoT Inspector Vulnerability #10 OpenSSL CVE entries\nOutdated OpenSSL version affected by 6 published CVEs. \n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions have been tested with IoT Inspector and\nfirmware emulation techniques:\nCisco RV340 / 1.0.02.16\nCisco RV340W / 1.0.02.16\nCisco RV345 / 1.0.02.16\nCisco RV345P / 1.0.02.16\nThe following firmware versions have been tested with IoT Inspector only:\nCisco RV260 / 1.0.00.15\nCisco RV260P / 1.0.00.15\nCisco RV260W / 1.0.00.15\nCisco RV160 / 1.0.00.15\nCisco RV160P / 1.0.00.15\n\nThe firmware was obtained from the vendor website:\nhttps://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16\nhttps://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15\n\n\nVendor contact timeline:\n------------------------\n2019-05-15: Contacting vendor through psirt@cisco.com. \n2019-05-16: Vendor confirmed the receipt. \n2019-05-2019-08: Periodic updates about the investigation from the vendor. \n Clarification which of the reported issues will be fixed. \n2019-08-20: The vendor proposed the next possible publication date for the\n advisory for 2019-09-04. The vendor added the RV160 and RV260\n router series to be vulnerable to the same issues too. \n2019-09-04: Coordinated advisory release. \n\n\nSolution:\n---------\nUpgrade to the newest available firmware version. \n\nAdditionally, the vendor provides the following security notice:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter\n\n\nWorkaround:\n-----------\nNone. \n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/career/index.html\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/contact/index.html\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF T. Weber / @2019\n\n. Description:\n\nRed Hat 3scale API Management Platform 2.0 is a platform for the management\nof access and traffic for web-based APIs across a variety of deployment\noptions. \n\nSecurity Fix(es):\n\n* It was found that RH-3scale AMP would permit creation of an access token\nwithout a client secret. An attacker could use this flaw to circumvent\nauthentication controls and gain access to restricted APIs. (CVE-2017-7512)\n\nThe underlying container image was also rebuilt to resolve other security\nissues. Solution:\n\nTo apply this security fix, use the updated docker images. Bugs fixed (https://bugzilla.redhat.com/):\n\n1457997 - CVE-2017-7512 3scale AMP: validation bypass in oauth\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-1000366"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "BID",
"id": "99127"
},
{
"db": "VULHUB",
"id": "VHN-100094"
},
{
"db": "PACKETSTORM",
"id": "142999"
},
{
"db": "PACKETSTORM",
"id": "143001"
},
{
"db": "PACKETSTORM",
"id": "142992"
},
{
"db": "PACKETSTORM",
"id": "143225"
},
{
"db": "PACKETSTORM",
"id": "143033"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "143005"
},
{
"db": "PACKETSTORM",
"id": "143264"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-100094",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-100094"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-1000366",
"trust": 3.6
},
{
"db": "BID",
"id": "99127",
"trust": 2.0
},
{
"db": "MCAFEE",
"id": "SB10205",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "154361",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "42274",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "42276",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "42275",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1038712",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3313",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143001",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142992",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142999",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143005",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143225",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142990",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143205",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143207",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143201",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-100094",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143033",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-100094"
},
{
"db": "BID",
"id": "99127"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "PACKETSTORM",
"id": "142999"
},
{
"db": "PACKETSTORM",
"id": "143001"
},
{
"db": "PACKETSTORM",
"id": "142992"
},
{
"db": "PACKETSTORM",
"id": "143225"
},
{
"db": "PACKETSTORM",
"id": "143033"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "143005"
},
{
"db": "PACKETSTORM",
"id": "143264"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
},
{
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"id": "VAR-201706-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-100094"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:13:10.518000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-1000366",
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2017-1000366"
},
{
"title": "CVE-2017-1000366",
"trust": 0.8,
"url": "https://www.suse.com/security/cve/cve-2017-1000366/"
},
{
"title": "SUSE products and a new security bug class referred to as \"Stack Clash\".",
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc/?id=7020973"
},
{
"title": "glibc Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71084"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-100094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/security/cve/cve-2017-1000366"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/99127"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2017/dsa-3887"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html"
},
{
"trust": 2.2,
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:1481"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201706-19"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1479"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1480"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1712"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/7"
},
{
"trust": 1.7,
"url": "https://www.suse.com/security/cve/cve-2017-1000366/"
},
{
"trust": 1.7,
"url": "https://www.suse.com/support/kb/doc/?id=7020973"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42274/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42275/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42276/"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/sep/7"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:1567"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038712"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000366"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10205"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1000366"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10960426"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887793"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3313/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10960426"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=efa26d9c13a6fabd34a05139e1d8b2e441b2fae9"
},
{
"trust": 0.3,
"url": "http://www.gnu.org/software/libc/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452543"
},
{
"trust": 0.3,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=cve-2017-1000366"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-3832369.html"
},
{
"trust": 0.3,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10205\u0026actp=null\u0026viewlocale=en_us\u0026showdraft=false\u0026platinum_status=false\u0026locale=en_us"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/vulnerabilities/stackguard"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10205"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=46703a3995aa3ca2b816814aa4ad05ed524194dd"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=adc7e06fb412a2a1ee52f8cb788caf436335b9f3"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3c7cd21290cabdadd72984fb69bc51e64ff1002d"
},
{
"trust": 0.1,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=c69d4a0f680a24fdbe323764a50382ad324041e9"
},
{
"trust": 0.1,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3776f38fcd267c127ba5eb222e2c614c191744aa"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6323"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-1000366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5180"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://github.com/fjserna/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html"
},
{
"trust": 0.1,
"url": "https://r.sec-consult.com/ciscoiot"
},
{
"trust": 0.1,
"url": "https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 0.1,
"url": "https://github.com/fjserna/cve-2015-7547."
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/career/index.html"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-sb-vpnrouter"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
},
{
"trust": 0.1,
"url": "http://blog.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4043"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20679"
},
{
"trust": 0.1,
"url": "https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5747"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/contact/index.html"
},
{
"trust": 0.1,
"url": "https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-1000364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7502"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-100094"
},
{
"db": "BID",
"id": "99127"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "PACKETSTORM",
"id": "142999"
},
{
"db": "PACKETSTORM",
"id": "143001"
},
{
"db": "PACKETSTORM",
"id": "142992"
},
{
"db": "PACKETSTORM",
"id": "143225"
},
{
"db": "PACKETSTORM",
"id": "143033"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "143005"
},
{
"db": "PACKETSTORM",
"id": "143264"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
},
{
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-100094"
},
{
"db": "BID",
"id": "99127"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"db": "PACKETSTORM",
"id": "142999"
},
{
"db": "PACKETSTORM",
"id": "143001"
},
{
"db": "PACKETSTORM",
"id": "142992"
},
{
"db": "PACKETSTORM",
"id": "143225"
},
{
"db": "PACKETSTORM",
"id": "143033"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "143005"
},
{
"db": "PACKETSTORM",
"id": "143264"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
},
{
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-100094"
},
{
"date": "2017-06-19T00:00:00",
"db": "BID",
"id": "99127"
},
{
"date": "2017-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"date": "2017-06-19T23:54:30",
"db": "PACKETSTORM",
"id": "142999"
},
{
"date": "2017-06-19T23:54:48",
"db": "PACKETSTORM",
"id": "143001"
},
{
"date": "2017-06-19T23:53:10",
"db": "PACKETSTORM",
"id": "142992"
},
{
"date": "2017-07-03T18:49:28",
"db": "PACKETSTORM",
"id": "143225"
},
{
"date": "2017-06-20T22:26:23",
"db": "PACKETSTORM",
"id": "143033"
},
{
"date": "2019-09-04T18:32:22",
"db": "PACKETSTORM",
"id": "154361"
},
{
"date": "2017-06-19T23:55:23",
"db": "PACKETSTORM",
"id": "143005"
},
{
"date": "2017-07-06T20:26:00",
"db": "PACKETSTORM",
"id": "143264"
},
{
"date": "2017-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-808"
},
{
"date": "2017-06-19T16:29:00.310000",
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-100094"
},
{
"date": "2017-09-05T20:13:00",
"db": "BID",
"id": "99127"
},
{
"date": "2017-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005209"
},
{
"date": "2019-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-808"
},
{
"date": "2020-10-15T13:28:10.487000",
"db": "NVD",
"id": "CVE-2017-1000366"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "99127"
},
{
"db": "PACKETSTORM",
"id": "142992"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "glibc Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-808"
}
],
"trust": 0.6
}
}
VAR-201602-0004
Vulnerability from variot - Updated: 2024-07-23 20:01Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. glibc Contains a buffer overflow vulnerability. glibc Is send_dg() and send_vc() A stack-based buffer overflow vulnerability exists due to the processing of.A remote attacker could execute arbitrary code or disrupt service operations (DoS) There is a possibility of being attacked. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system.
There is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: glibc security and bug fix update Advisory ID: RHSA-2016:0175-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0175.html Issue date: 2016-02-16 CVE Names: CVE-2015-7547 =====================================================================
- Summary:
Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)
This issue was discovered by the Google Security Team and Red Hat.
This update also fixes the following bugs:
-
The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270)
-
A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625)
All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm
ppc64: glibc-2.12-1.166.el6_7.7.ppc.rpm glibc-2.12-1.166.el6_7.7.ppc64.rpm glibc-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-devel-2.12-1.166.el6_7.7.ppc.rpm glibc-devel-2.12-1.166.el6_7.7.ppc64.rpm glibc-headers-2.12-1.166.el6_7.7.ppc64.rpm glibc-utils-2.12-1.166.el6_7.7.ppc64.rpm nscd-2.12-1.166.el6_7.7.ppc64.rpm
s390x: glibc-2.12-1.166.el6_7.7.s390.rpm glibc-2.12-1.166.el6_7.7.s390x.rpm glibc-common-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm glibc-devel-2.12-1.166.el6_7.7.s390.rpm glibc-devel-2.12-1.166.el6_7.7.s390x.rpm glibc-headers-2.12-1.166.el6_7.7.s390x.rpm glibc-utils-2.12-1.166.el6_7.7.s390x.rpm nscd-2.12-1.166.el6_7.7.s390x.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm
ppc64: glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-static-2.12-1.166.el6_7.7.ppc.rpm glibc-static-2.12-1.166.el6_7.7.ppc64.rpm
s390x: glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm glibc-static-2.12-1.166.el6_7.7.s390.rpm glibc-static-2.12-1.166.el6_7.7.s390x.rpm
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: glibc-2.12-1.166.el6_7.7.src.rpm
i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm
x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/2161461
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWw0gnXlSAg2UNWIIRAgp4AJ9BIF6YHY/UoQcUvkEfqPbxa4+G6wCgouQY aOCbFFx87AiVZnfSlGYcLjI= =tRjT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
-
Upgrade HP OneView to patch version 2.00.07.
-
HP StoreVirtual VSA Software 12.6
- HP StoreVirtual 4130 600GB SAS Storage 12.6
- HP StoreVirtual 4130 600GB China SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage 12.6
- HP StoreVirtual 4330 900GB SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6
- HP StoreVirtual 4330 450GB China SAS Storage 12.6
- HP StoreVirtual 4330 900GB China SAS Storage 12.6
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 450GB SAS Storage 12.6
- HP StoreVirtual 4530 600GB SAS Storage 12.6
- HP StoreVirtual 4630 900GB SAS Storage 12.6
- HP StoreVirtual 4730 600GB SAS Storage 12.6
- HP StoreVirtual 4730 900GB SAS Storage 12.6
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4335 China Hybrid Storage 12.6
- HP StoreVirtual 4335 Hybrid Storage 12.6
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6
- HP StoreVirtual 4130 600GB China SAS Storage 12.6
- HP StoreVirtual 4130 600GB SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 450GB China SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage 12.6
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 900GB China SAS Storage 12.6
- HP StoreVirtual 4330 900GB SAS Storage 12.6
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6
- HP StoreVirtual 4335 China Hybrid Storage 12.6
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6
- HP StoreVirtual 4335 Hybrid Storage 12.6
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 450GB SAS Storage 12.6
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6
- HP StoreVirtual 4530 600GB SAS Storage 12.6
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4630 900GB SAS Storage 12.6
- HP StoreVirtual 4730 600GB SAS Storage 12.6
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4730 900GB SAS Storage 12.6
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-7547
5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI
d=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerability with glibc for all of the impacted HPE StoreVirtual products.
- LeftHand OS 12.6 - patch 56001
- LeftHand OS 12.5 - patch 55015
Notes:
- These patches will upgrade glibc to 2.12-1.166 to resolve this issue. ============================================================================ Ubuntu Security Notice USN-2900-1 February 16, 2016
eglibc, glibc vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
GNU C Library could be made to crash or run programs if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libc6 2.21-0ubuntu4.1
Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04989404
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04989404 Version: 1
HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-02-18 Last Updated: 2016-02-18
Potential Security Impact: Remote Arbitrary Code Execution
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code.
- Helion Eucalyptus Node Controller (NC) components are confirmed to be affected by the vulnerability. Other Helion Eucalyptus components and pre-bundled service EMIs do not directly expose the vulnerability, but because glibc is a commonly used library on Linux, the exact exposure is hard to determine. Any software performing domain name resolution is potentially vulnerable.
References:
- CVE-2015-7547
- PSRT110035
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
-
HPE Helion Eucalyptus 4.2.1 and earlier
-
HPE Helion Eucalyptus Service EMIs for Load Balancing and Imaging services package "eucalyptus-service-image-1.48-0.87.99" and earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-7547 (AV:N/AC:H/Au:N/C:N/I:C/A:P) 6.1 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has made the following software updates and workaround information available to resolve the vulnerability with glibc for HPE Helion Eucalyptus.
-
All hosts running HPE Helion Eucalyptus services should be upgraded to the latest glibc. Updated glibc packages are available for RHEL and CentOS:
https://access.redhat.com/articles/2161461
RHEL Note: After following the guidelines for RHEL, a reboot is the safest and recommended way to ensure that updates takes effect for all services.
-
New Helion Eucalyptus Service EMIs will be made available soon in the Eucalyptus software repositories at:
http://downloads.eucalyptus.com/software/eucalyptus/4.2/
Note: This security bulletin will be revised when those updates are available.
Until Helion Eucalyptus EMI updates are available, the following workaround is available to update the instances launched from eucalyptus-service-image-1.48-0.87.99 and earlier to the latest glibc packages.
Workaround:
As a cloud administrator:
1) create an update-glibc script with the following content:
#! /bin/bash
yum update -y glibc
2) set the following cloud properties to use that script on instance start:
euctl services.imaging.worker.init_script=@update-glibc
euctl services.loadbalancing.worker.init_script=@update-glibc
This script will be automatically executed for each of the new instances started from the service image. For instances that are already running, the cloud administrator will need to terminate them and start again for the script to take effect. More specifically, for the Load Balancing service, the cloud admin needs to find all instances running under the "(eucalyptus)loadbalancing" account:
# euare-accountlist | grep loadbalancing
(eucalyptus)loadbalancing <accnt_id>
# euca-describe-instances verbose | grep <accnt_id>
And terminate them using euca-terminate-instances. New updated instances will be started automatically after that.
For the Imaging Service, the imaging worker needs to be terminated and started again:
# esi-manage-stack -a delete imaging
# esi-manage-stack -a create imaging
HISTORY Version:1 (rev.1) - 17 February 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
For HPE Helion OpenStack 1.1.1:
Helion OpenStack 1.1.1 customers should engage with HPE Helion Professional Services via existing support channels to assist with the upgrade. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201602-02
https://security.gentoo.org/
Severity: High Title: GNU C Library: Multiple vulnerabilities Date: February 17, 2016 Bugs: #516884, #517082, #521932, #529982, #532874, #538090, #538814, #540070, #541246, #541542, #547296, #552692, #574880 ID: 201602-02
Synopsis
Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-libs/glibc < 2.21-r2 >= 2.21-r2
Description
Multiple vulnerabilities have been discovered in the GNU C Library:
- The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547).
- The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776).
- An integer overflow was found in the __hcreate_r() function (CVE-2015-8778).
- Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779).
Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information.
Workaround
A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.
Resolution
All GNU C Library users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.21-r2"
It is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package.
Note: Should you run into compilation failures while updating, please see bug 574948.
References
[ 1 ] CVE-2013-7423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423 [ 2 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475 [ 3 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475 [ 4 ] CVE-2014-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119 [ 5 ] CVE-2014-6040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040 [ 6 ] CVE-2014-7817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817 [ 7 ] CVE-2014-8121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121 [ 8 ] CVE-2014-9402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402 [ 9 ] CVE-2015-1472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472 [ 10 ] CVE-2015-1781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781 [ 11 ] CVE-2015-7547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547 [ 12 ] CVE-2015-8776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776 [ 13 ] CVE-2015-8778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778 [ 14 ] CVE-2015-8779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779 [ 15 ] Google Online Security Blog: "CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow"
https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-geta= ddrinfo-stack.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201602-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 2.0,
"vendor": "suse",
"version": "12"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "2.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12.2"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux hpc node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.21"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "fujitsu m10",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2290"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.15"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.1.1"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.13"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.16"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.22"
},
{
"model": "unified threat management software",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "9.319"
},
{
"model": "server migration pack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "7.5"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "2.1.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.10.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.3"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.2"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.9"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.17"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.14"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.19"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.20"
},
{
"model": "unified threat management software",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "9.355"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.18"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.14.1"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11"
},
{
"model": "c library",
"scope": "lte",
"trust": 0.8,
"vendor": "gnu",
"version": "(glibc) 2.9 from 2.22"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "5.5"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "virtual appliances",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "2290 (fujitsu m10-1/m10-4/m10-4s server )"
},
{
"model": "clusterpro",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver6.1"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver7.0"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver7.1"
},
{
"model": "enterprisedirectoryserver",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver8.0 (red hat enterprise linux 6 and 7)"
},
{
"model": "enterpriseidentitymanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver4.1"
},
{
"model": "enterpriseidentitymanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver5.0"
},
{
"model": "enterpriseidentitymanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver5.1"
},
{
"model": "enterpriseidentitymanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "linux edition ver8.0 (red hat enterprise linux 6 and 7)"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series intersecvm/sg v1.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v4.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series sg3600lm/lg/lj v6.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.0"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2"
},
{
"model": "express5800",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/sg series univerge sg3000lg/lj"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "hs series v5.0.0 to v5.0.3"
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "m/d/s/a/e series"
},
{
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "-v6"
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "-v7"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.5 ~ v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.5 ~ v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v8.5 ~ v9.4"
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "(for corba application) v8.5 ~ v9.4"
},
{
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.5 ~ v9.3"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v9.1 ~ v9.3"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "jobcenter r14.1"
},
{
"model": "websam",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "jobcenter r14.2"
},
{
"model": "websam assetsuite",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "glibc",
"scope": "gt",
"trust": 0.6,
"vendor": "gnu",
"version": "2.9"
},
{
"model": "ape",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "basic rt",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "rox ii os",
"scope": "gte",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.3.0\u003c=v2.9.0"
},
{
"model": "scalance m-800 s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "/"
},
{
"model": "sinema remote connect",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:server_migration_pack:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:helion_openstack:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.319:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.355:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2290",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "137497"
},
{
"db": "PACKETSTORM",
"id": "138068"
},
{
"db": "PACKETSTORM",
"id": "137112"
},
{
"db": "PACKETSTORM",
"id": "135853"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "136048"
}
],
"trust": 0.6
},
"cve": "CVE-2015-7547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7547",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01100",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85508",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7547",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7547",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-01100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85508",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module. glibc Contains a buffer overflow vulnerability. glibc Is send_dg() and send_vc() A stack-based buffer overflow vulnerability exists due to the processing of.A remote attacker could execute arbitrary code or disrupt service operations (DoS) There is a possibility of being attacked. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. \n\nThere is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: glibc security and bug fix update\nAdvisory ID: RHSA-2016:0175-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0175.html\nIssue date: 2016-02-16\nCVE Names: CVE-2015-7547 \n=====================================================================\n\n1. Summary:\n\nUpdated glibc packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nA stack-based buffer overflow was found in the way the libresolv library\nperformed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the\nnss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat. \n\nThis update also fixes the following bugs:\n\n* The dynamic loader has been enhanced to allow the loading of more shared\nlibraries that make use of static thread local storage. While static thread\nlocal storage is the fastest access mechanism it may also prevent the\nshared library from being loaded at all since the static storage space is a\nlimited and shared process-global resource. Applications which would\npreviously fail with \"dlopen: cannot load any more object with static TLS\"\nshould now start up correctly. (BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or\ncertain timer API calls to fail and return errors in the presence of large\nthread-local storage data that exceeded PTHREAD_STACK_MIN in size\n(generally 16 KiB). The bug in librt has been corrected and the impacted\nAPIs no longer return errors when large thread-local storage data is\npresent in the application. (BZ#1301625)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\ni386:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-headers-2.12-1.166.el6_7.7.i686.rpm\nglibc-utils-2.12-1.166.el6_7.7.i686.rpm\nnscd-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\ni386:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-headers-2.12-1.166.el6_7.7.i686.rpm\nglibc-utils-2.12-1.166.el6_7.7.i686.rpm\nnscd-2.12-1.166.el6_7.7.i686.rpm\n\nppc64:\nglibc-2.12-1.166.el6_7.7.ppc.rpm\nglibc-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-common-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-devel-2.12-1.166.el6_7.7.ppc.rpm\nglibc-devel-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-headers-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-utils-2.12-1.166.el6_7.7.ppc64.rpm\nnscd-2.12-1.166.el6_7.7.ppc64.rpm\n\ns390x:\nglibc-2.12-1.166.el6_7.7.s390.rpm\nglibc-2.12-1.166.el6_7.7.s390x.rpm\nglibc-common-2.12-1.166.el6_7.7.s390x.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm\nglibc-devel-2.12-1.166.el6_7.7.s390.rpm\nglibc-devel-2.12-1.166.el6_7.7.s390x.rpm\nglibc-headers-2.12-1.166.el6_7.7.s390x.rpm\nglibc-utils-2.12-1.166.el6_7.7.s390x.rpm\nnscd-2.12-1.166.el6_7.7.s390x.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\n\nppc64:\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm\nglibc-static-2.12-1.166.el6_7.7.ppc.rpm\nglibc-static-2.12-1.166.el6_7.7.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm\nglibc-static-2.12-1.166.el6_7.7.s390.rpm\nglibc-static-2.12-1.166.el6_7.7.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nglibc-2.12-1.166.el6_7.7.src.rpm\n\ni386:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-headers-2.12-1.166.el6_7.7.i686.rpm\nglibc-utils-2.12-1.166.el6_7.7.i686.rpm\nnscd-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-2.12-1.166.el6_7.7.i686.rpm\nglibc-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-devel-2.12-1.166.el6_7.7.i686.rpm\nglibc-devel-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-headers-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-utils-2.12-1.166.el6_7.7.x86_64.rpm\nnscd-2.12-1.166.el6_7.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm\nglibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm\nglibc-static-2.12-1.166.el6_7.7.i686.rpm\nglibc-static-2.12-1.166.el6_7.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7547\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/articles/2161461\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWw0gnXlSAg2UNWIIRAgp4AJ9BIF6YHY/UoQcUvkEfqPbxa4+G6wCgouQY\naOCbFFx87AiVZnfSlGYcLjI=\n=tRjT\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n - Upgrade HP OneView to patch version 2.00.07. \n\n - HP StoreVirtual VSA Software 12.6\n - HP StoreVirtual 4130 600GB SAS Storage 12.6\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage 12.6\n - HP StoreVirtual 4330 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 450GB SAS Storage 12.6\n - HP StoreVirtual 4530 600GB SAS Storage 12.6\n - HP StoreVirtual 4630 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 600GB SAS Storage 12.6\n - HP StoreVirtual 4730 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4335 China Hybrid Storage 12.6\n - HP StoreVirtual 4335 Hybrid Storage 12.6\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6\n - HP StoreVirtual 4130 600GB SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage 12.6\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6\n - HP StoreVirtual 4330 900GB SAS Storage 12.6\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6\n - HP StoreVirtual 4335 China Hybrid Storage 12.6\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6\n - HP StoreVirtual 4335 Hybrid Storage 12.6\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 450GB SAS Storage 12.6\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6\n - HP StoreVirtual 4530 600GB SAS Storage 12.6\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4630 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 600GB SAS Storage 12.6\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4730 900GB SAS Storage 12.6\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-7547\n 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI\nd=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerability with glibc for all of the impacted HPE StoreVirtual products. \n\n - LeftHand OS 12.6 - patch 56001\n - LeftHand OS 12.5 - patch 55015\n\n **Notes:**\n\n - These patches will upgrade glibc to 2.12-1.166 to resolve this issue. ============================================================================\nUbuntu Security Notice USN-2900-1\nFebruary 16, 2016\n\neglibc, glibc vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nGNU C Library could be made to crash or run programs if it received\nspecially crafted network traffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libc6 2.21-0ubuntu4.1\n\nUbuntu 14.04 LTS:\n libc6 2.19-0ubuntu6.7\n\nUbuntu 12.04 LTS:\n libc6 2.15-0ubuntu10.13\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04989404\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04989404\nVersion: 1\n\nHPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion\nEucalyptus Components using glibc, Remote Arbitrary Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-02-18\nLast Updated: 2016-02-18\n\nPotential Security Impact: Remote Arbitrary Code Execution\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in glibc has been addressed with HPE Helion\nEucalyptus Node Controller and other Helion Eucalyptus components. The\nvulnerability could be exploited remotely resulting in arbitrary execution of\ncode. \n\n - Helion Eucalyptus Node Controller (NC) components are confirmed to be\naffected by the vulnerability. Other Helion Eucalyptus components and\npre-bundled service EMIs do not directly expose the vulnerability, but\nbecause glibc is a commonly used library on Linux, the exact exposure is hard\nto determine. Any software performing domain name resolution is potentially\nvulnerable. \n\nReferences:\n\n - CVE-2015-7547\n - PSRT110035\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE Helion Eucalyptus 4.2.1 and earlier\n\n - HPE Helion Eucalyptus Service EMIs for Load Balancing and Imaging services\npackage \"eucalyptus-service-image-1.48-0.87.99\" and earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-7547 (AV:N/AC:H/Au:N/C:N/I:C/A:P) 6.1\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has made the following software updates and workaround information\navailable to resolve the vulnerability with glibc for HPE Helion Eucalyptus. \n\n+ All hosts running HPE Helion Eucalyptus services should be upgraded to the\nlatest glibc. Updated glibc packages are available for RHEL and CentOS:\n\n https://access.redhat.com/articles/2161461\n\n **RHEL Note:** After following the guidelines for RHEL, a reboot is the\nsafest and recommended way to ensure that updates takes effect for all\nservices. \n\n+ New Helion Eucalyptus Service EMIs will be made available soon in the\nEucalyptus software repositories at:\n\n http://downloads.eucalyptus.com/software/eucalyptus/4.2/\n\n **Note:** This security bulletin will be revised when those updates are\navailable. \n\nUntil Helion Eucalyptus EMI updates are available, the following workaround\nis available to update the instances launched from\neucalyptus-service-image-1.48-0.87.99 and earlier to the latest glibc\npackages. \n\n**Workaround:**\n\n As a cloud administrator:\n\n 1) create an update-glibc script with the following content:\n\n #! /bin/bash\n yum update -y glibc\n\n 2) set the following cloud properties to use that script on instance start:\n\n euctl services.imaging.worker.init_script=@update-glibc\n euctl services.loadbalancing.worker.init_script=@update-glibc\n\n This script will be automatically executed for each of the new instances\nstarted from the service image. For instances that are already\nrunning, the cloud administrator will need to terminate them and start again\nfor the script to take effect. More specifically, for the Load Balancing\nservice, the cloud admin needs to find all instances running under the\n\"(eucalyptus)loadbalancing\" account:\n\n # euare-accountlist | grep loadbalancing\n (eucalyptus)loadbalancing \u003caccnt_id\u003e\n\n # euca-describe-instances verbose | grep \u003caccnt_id\u003e\n\n And terminate them using euca-terminate-instances. New updated instances\nwill be started automatically after that. \n\n For the Imaging Service, the imaging worker needs to be terminated and\nstarted again:\n\n # esi-manage-stack -a delete imaging\n # esi-manage-stack -a create imaging\n\nHISTORY\nVersion:1 (rev.1) - 17 February 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nFor HPE Helion OpenStack 1.1.1:\n\nHelion OpenStack 1.1.1 customers should engage with HPE Helion Professional\nServices via existing support channels to assist with the upgrade. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201602-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: GNU C Library: Multiple vulnerabilities\n Date: February 17, 2016\n Bugs: #516884, #517082, #521932, #529982, #532874, #538090,\n #538814, #540070, #541246, #541542, #547296, #552692, #574880\n ID: 201602-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the GNU C library, the\nworst allowing for remote execution of arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-libs/glibc \u003c 2.21-r2 \u003e= 2.21-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the GNU C Library:\n\n* The Google Security Team and Red Hat discovered a stack-based buffer\n overflow in the send_dg() and send_vc() functions due to a buffer\n mismanagement when getaddrinfo() is called with AF_UNSPEC\n (CVE-2015-7547). \n* The strftime() function access invalid memory when passed\n out-of-range data, resulting in a crash (CVE-2015-8776). \n* An integer overflow was found in the __hcreate_r() function\n (CVE-2015-8778). \n* Multiple unbounded stack allocations were found in the catopen()\n function (CVE-2015-8779). \n\nPlease review the CVEs referenced below for additional vulnerabilities\nthat had already been fixed in previous versions of sys-libs/glibc, for\nwhich we have not issued a GLSA before. The other vulnerabilities can possibly be\nexploited to cause a Denial of Service or leak information. \n\nWorkaround\n==========\n\nA number of mitigating factors for CVE-2015-7547 have been identified. \nPlease review the upstream advisory and references below. \n\nResolution\n==========\n\nAll GNU C Library users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-libs/glibc-2.21-r2\"\n\nIt is important to ensure that no running process uses the old glibc\nanymore. The easiest way to achieve that is by rebooting the machine\nafter updating the sys-libs/glibc package. \n\nNote: Should you run into compilation failures while updating, please\nsee bug 574948. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-7423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423\n[ 2 ] CVE-2014-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475\n[ 3 ] CVE-2014-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475\n[ 4 ] CVE-2014-5119\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119\n[ 5 ] CVE-2014-6040\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040\n[ 6 ] CVE-2014-7817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817\n[ 7 ] CVE-2014-8121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121\n[ 8 ] CVE-2014-9402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402\n[ 9 ] CVE-2015-1472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472\n[ 10 ] CVE-2015-1781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781\n[ 11 ] CVE-2015-7547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547\n[ 12 ] CVE-2015-8776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776\n[ 13 ] CVE-2015-8778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778\n[ 14 ] CVE-2015-8779\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779\n[ 15 ] Google Online Security Blog: \"CVE-2015-7547: glibc getaddrinfo\n stack-based buffer overflow\"\n\nhttps://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-geta=\nddrinfo-stack.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201602-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "137497"
},
{
"db": "PACKETSTORM",
"id": "138068"
},
{
"db": "PACKETSTORM",
"id": "137112"
},
{
"db": "PACKETSTORM",
"id": "135801"
},
{
"db": "PACKETSTORM",
"id": "135853"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "136048"
},
{
"db": "PACKETSTORM",
"id": "135810"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85508",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7547",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#457759",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSA-16-103-01",
"trust": 1.9
},
{
"db": "BID",
"id": "83265",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39454",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "40339",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10150",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167552",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "164014",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "135802",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "154361",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035020",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA40161",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TRA-2017-08",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97236594",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419",
"trust": 0.8
},
{
"db": "SIEMENS",
"id": "SSA-301706",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-01100",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "137497",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136988",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138068",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135853",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "137112",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135801",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135789",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136048",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136808",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135971",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135791",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135856",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136976",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136881",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135911",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136985",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135800",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138601",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201602-348",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-90749",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135810",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "137497"
},
{
"db": "PACKETSTORM",
"id": "138068"
},
{
"db": "PACKETSTORM",
"id": "137112"
},
{
"db": "PACKETSTORM",
"id": "135801"
},
{
"db": "PACKETSTORM",
"id": "135853"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "136048"
},
{
"db": "PACKETSTORM",
"id": "135810"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"id": "VAR-201602-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
}
],
"trust": 0.8356060666666666
},
"last_update_date": "2024-07-23T20:01:54.898000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 961721",
"trust": 0.8,
"url": "https://bugzilla.novell.com/show_bug.cgi?id=cve-2015-7547"
},
{
"title": "CESA-2016:0176 Critical CentOS 7 glibc Security Update",
"trust": 0.8,
"url": "https://lists.centos.org/pipermail/centos-announce/2016-february/021672.html"
},
{
"title": "CESA-2016:0175 Critical CentOS 6 glibc Security Update",
"trust": 0.8,
"url": "https://lists.centos.org/pipermail/centos-announce/2016-february/021668.html"
},
{
"title": "cisco-sa-20160218-glibc",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160218-glibc"
},
{
"title": "CVE-2015-7547",
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2015-7547"
},
{
"title": "CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).",
"trust": 0.8,
"url": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca"
},
{
"title": "HPSBGN03442",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479"
},
{
"title": "HPSBMU03591",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958"
},
{
"title": "HPSBGN03547",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404"
},
{
"title": "HPSBMU03612",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
},
{
"title": "HPSBGN03549",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367"
},
{
"title": "HPSBNS03571",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05073516"
},
{
"title": "HPSBGN03551",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211"
},
{
"title": "HPSBST03598",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937"
},
{
"title": "HPSBGN03553",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05176716"
},
{
"title": "HPSBST03603",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266"
},
{
"title": "HPSBGN03582",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877"
},
{
"title": "HPSBGN03597",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672"
},
{
"title": "HPSBHF03578",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858"
},
{
"title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97236594/522154/index.html"
},
{
"title": "glibc \u306e\u8106\u5f31\u6027(CVE-2015-7547)\u306e\u5f71\u97ff\u3068\u5bfe\u51e6",
"trust": 0.8,
"url": "http://www.miraclelinux.com/security/cve-2015-7547"
},
{
"title": "NV16-003",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv16-003.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
},
{
"title": "Bug 1293532",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"title": "Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547)",
"trust": 0.8,
"url": "https://access.redhat.com/articles/2161461"
},
{
"title": "\u91cd\u5927\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u6b20\u9665: getaddrinfo() \u3067\u306e glibc \u30b9\u30bf\u30c3\u30af\u30d9\u30fc\u30b9\u306e\u30d0\u30c3\u30d5\u30a1\u30fc\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc (CVE-2015-7547)",
"trust": 0.8,
"url": "https://access.redhat.com/ja/articles/2170311"
},
{
"title": "\u300cglibc \u306b\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u300d\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/jvn97236594.html"
},
{
"title": "SOL47098834: glibc vulnerability CVE-2015-7547",
"trust": 0.8,
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"title": "April 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
},
{
"title": "CVE-2015-7547 - Debian Security Tracker",
"trust": 0.8,
"url": "https://security-tracker.debian.org/tracker/cve-2015-7547"
},
{
"title": "Bug 18665",
"trust": 0.8,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"title": "glibc getaddrinfo Buffer Overflow (CVE-2015-7547)",
"trust": 0.8,
"url": "http://www.tripwire.com/vert/vert-alert/glibc-getaddrinfo-buffer-overflow-cve-2015-7547/"
},
{
"title": "TLSA-2016-7",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-7j.html"
},
{
"title": "CVE-2015-7547 in Ubuntu",
"trust": 0.8,
"url": "http://people.canonical.com/~ubuntu-security/cve/2015/cve-2015-7547.html"
},
{
"title": "VMSA-2016-0002",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2016-0002.html"
},
{
"title": "glibc \u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/glibc03/"
},
{
"title": "glibc\u306e\u8106\u5f31\u6027\u300cCVE-2015-7547\u300d\u306b\u5bfe\u3059\u308b\u5f0a\u793e\u88fd\u54c1\u3067\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://esupport.trendmicro.com/solution/ja-jp/1113566.aspx"
},
{
"title": "Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/71529"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-103-01"
},
{
"trust": 1.7,
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/articles/2161461"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0175.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035020"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/sep/7"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/sep/7"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/0"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jun/36"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/83265"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0176.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0225.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0277.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"trust": 1.1,
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"trust": 1.1,
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx206991"
},
{
"trust": 1.1,
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2016-0002.html"
},
{
"trust": 1.1,
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"trust": 1.1,
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"trust": 1.1,
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"trust": 1.1,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/research/tra-2017-08"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10150"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7547"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160009.html"
},
{
"trust": 0.8,
"url": "https://jprs.jp/tech/security/2016-02-18-glibc-vuln-getaddrinfo.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97236594/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7547"
},
{
"trust": 0.8,
"url": "https://googleonlinesecurity.blogspot.jp/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf"
},
{
"trust": 0.6,
"url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 0.6,
"url": "https://isc.sans.edu/diary/cve-2015-7547"
},
{
"trust": 0.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.6,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.6,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145690841819314\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145596041017029\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145672440608228\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145857691004892\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=146161017210491\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10150"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnu"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2900-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7"
},
{
"trust": 0.1,
"url": "http://downloads.eucalyptus.com/software/eucalyptus/4.2/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
},
{
"trust": 0.1,
"url": "https://helion.hpwsportal.com"
},
{
"trust": 0.1,
"url": "http://docs.hpcloud.com/#helion/installation/upgrade20_to_212.html"
},
{
"trust": 0.1,
"url": "http://docs.hpcloud.com/#helion/installation/upgrade_to_212.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-geta="
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6040"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1781"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-7817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5119"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6040"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5119"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1472"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "137497"
},
{
"db": "PACKETSTORM",
"id": "138068"
},
{
"db": "PACKETSTORM",
"id": "137112"
},
{
"db": "PACKETSTORM",
"id": "135801"
},
{
"db": "PACKETSTORM",
"id": "135853"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "136048"
},
{
"db": "PACKETSTORM",
"id": "135810"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "137497"
},
{
"db": "PACKETSTORM",
"id": "138068"
},
{
"db": "PACKETSTORM",
"id": "137112"
},
{
"db": "PACKETSTORM",
"id": "135801"
},
{
"db": "PACKETSTORM",
"id": "135853"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "136048"
},
{
"db": "PACKETSTORM",
"id": "135810"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"date": "2016-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-85508"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"date": "2016-02-16T17:17:25",
"db": "PACKETSTORM",
"id": "135789"
},
{
"date": "2016-06-16T15:13:17",
"db": "PACKETSTORM",
"id": "137497"
},
{
"date": "2016-07-27T14:25:21",
"db": "PACKETSTORM",
"id": "138068"
},
{
"date": "2016-05-18T23:31:21",
"db": "PACKETSTORM",
"id": "137112"
},
{
"date": "2016-02-17T01:01:26",
"db": "PACKETSTORM",
"id": "135801"
},
{
"date": "2016-02-19T22:33:00",
"db": "PACKETSTORM",
"id": "135853"
},
{
"date": "2016-05-13T16:14:06",
"db": "PACKETSTORM",
"id": "136988"
},
{
"date": "2016-03-03T00:54:17",
"db": "PACKETSTORM",
"id": "136048"
},
{
"date": "2016-02-17T23:53:39",
"db": "PACKETSTORM",
"id": "135810"
},
{
"date": "2016-02-18T21:59:00.120000",
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-85508"
},
{
"date": "2017-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001419"
},
{
"date": "2023-02-12T23:15:36.457000",
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "135801"
},
{
"db": "PACKETSTORM",
"id": "135810"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "glibc Buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "137497"
},
{
"db": "PACKETSTORM",
"id": "138068"
},
{
"db": "PACKETSTORM",
"id": "137112"
},
{
"db": "PACKETSTORM",
"id": "136048"
}
],
"trust": 0.4
}
}
VAR-201509-0438
Vulnerability from variot - Updated: 2024-07-23 19:37Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. GNU glibc is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781 https://rhn.redhat.com/errata/RHSA-2015-0863.html
Updated Packages:
Mandriva Business Server 1/X86_64: 92aa475c44c712eaf19898ef76e04183 mbs1/x86_64/glibc-2.14.1-12.12.mbs1.x86_64.rpm 606cdd33e041f9853eae18f53c9d73de mbs1/x86_64/glibc-devel-2.14.1-12.12.mbs1.x86_64.rpm 133deb850840d464335e5c659cba1627 mbs1/x86_64/glibc-doc-2.14.1-12.12.mbs1.noarch.rpm 7a3d5170647c52cd4a34d2dcda711397 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.12.mbs1.noarch.rpm 96c842afb6110ac18a40b843b51548fc mbs1/x86_64/glibc-i18ndata-2.14.1-12.12.mbs1.x86_64.rpm 703e73278d416a53096fe19c7652c95e mbs1/x86_64/glibc-profile-2.14.1-12.12.mbs1.x86_64.rpm 12f09ed16d9c4b0f9a94e931569dacc3 mbs1/x86_64/glibc-static-devel-2.14.1-12.12.mbs1.x86_64.rpm 09715361d0af4a4dd5fba44239c5e690 mbs1/x86_64/glibc-utils-2.14.1-12.12.mbs1.x86_64.rpm c9a293ac29070d215eb1988bba58aaec mbs1/x86_64/nscd-2.14.1-12.12.mbs1.x86_64.rpm 8d8b74de2d7c0e982e0ad82ac73091b2 mbs1/SRPMS/glibc-2.14.1-12.12.mbs1.src.rpm
Mandriva Business Server 2/X86_64: e59cee8712d211add638c1b6c1952fa6 mbs2/x86_64/glibc-2.18-10.2.mbs2.x86_64.rpm baf9e44f8c4f82c75a0154d44b6fce72 mbs2/x86_64/glibc-devel-2.18-10.2.mbs2.x86_64.rpm f3eb6e3ed435f8a06dcffbfa7a44525b mbs2/x86_64/glibc-doc-2.18-10.2.mbs2.noarch.rpm 5df45f7cae82ef7d354fa14c7ac363c9 mbs2/x86_64/glibc-i18ndata-2.18-10.2.mbs2.x86_64.rpm 24ef48d58c7a4114068e7b70dbefad79 mbs2/x86_64/glibc-profile-2.18-10.2.mbs2.x86_64.rpm 5f67c12f02dbc3f4cbf78f1a8c7d5ad5 mbs2/x86_64/glibc-static-devel-2.18-10.2.mbs2.x86_64.rpm f24e67e1ed1b01e5305c28b3a9b02852 mbs2/x86_64/glibc-utils-2.18-10.2.mbs2.x86_64.rpm bae4b399bc43be8af24ddd93257ca31a mbs2/x86_64/nscd-2.18-10.2.mbs2.x86_64.rpm 740d9b3d14292be8847da92243340b62 mbs2/SRPMS/glibc-2.18-10.2.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: RHSA-2015:2199-07 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2199.html Issue date: 2015-11-19 CVE Names: CVE-2013-7423 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 =====================================================================
- Summary:
Updated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423)
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. (CVE-2015-1781)
A heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. (CVE-2015-1472, CVE-2015-1473)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. (BZ#1195762)
A flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application. (BZ#1197730)
The CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.
These updated glibc packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal:
https://access.redhat.com/articles/2050743
All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1064066 - Test suite failure: test-ldouble 1098042 - getaddrinfo return EAI_NONAME instead of EAI_AGAIN in case the DNS query times out 1144133 - calloc in dl-reloc.c computes size incorrectly 1187109 - CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load 1188235 - CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf 1195762 - glibc: _IO_wstr_overflow integer overflow 1197730 - glibc: potential denial of service in internal_fnmatch() 1199525 - CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer 1207032 - glibc deadlock when printing backtrace from memory allocator 1209105 - CVE-2015-1473 glibc: Stack-overflow in glibc swscanf 1219891 - Missing define for TCP_USER_TIMEOUT in netinet/tcp.h 1225490 - [RFE] Unconditionally enable SDT probes in glibc builds.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: glibc-2.17-105.el7.src.rpm
x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: glibc-2.17-105.el7.src.rpm
x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: glibc-2.17-105.el7.src.rpm
aarch64: glibc-2.17-105.el7.aarch64.rpm glibc-common-2.17-105.el7.aarch64.rpm glibc-debuginfo-2.17-105.el7.aarch64.rpm glibc-devel-2.17-105.el7.aarch64.rpm glibc-headers-2.17-105.el7.aarch64.rpm glibc-utils-2.17-105.el7.aarch64.rpm nscd-2.17-105.el7.aarch64.rpm
ppc64: glibc-2.17-105.el7.ppc.rpm glibc-2.17-105.el7.ppc64.rpm glibc-common-2.17-105.el7.ppc64.rpm glibc-debuginfo-2.17-105.el7.ppc.rpm glibc-debuginfo-2.17-105.el7.ppc64.rpm glibc-debuginfo-common-2.17-105.el7.ppc.rpm glibc-debuginfo-common-2.17-105.el7.ppc64.rpm glibc-devel-2.17-105.el7.ppc.rpm glibc-devel-2.17-105.el7.ppc64.rpm glibc-headers-2.17-105.el7.ppc64.rpm glibc-utils-2.17-105.el7.ppc64.rpm nscd-2.17-105.el7.ppc64.rpm
ppc64le: glibc-2.17-105.el7.ppc64le.rpm glibc-common-2.17-105.el7.ppc64le.rpm glibc-debuginfo-2.17-105.el7.ppc64le.rpm glibc-debuginfo-common-2.17-105.el7.ppc64le.rpm glibc-devel-2.17-105.el7.ppc64le.rpm glibc-headers-2.17-105.el7.ppc64le.rpm glibc-utils-2.17-105.el7.ppc64le.rpm nscd-2.17-105.el7.ppc64le.rpm
s390x: glibc-2.17-105.el7.s390.rpm glibc-2.17-105.el7.s390x.rpm glibc-common-2.17-105.el7.s390x.rpm glibc-debuginfo-2.17-105.el7.s390.rpm glibc-debuginfo-2.17-105.el7.s390x.rpm glibc-debuginfo-common-2.17-105.el7.s390.rpm glibc-debuginfo-common-2.17-105.el7.s390x.rpm glibc-devel-2.17-105.el7.s390.rpm glibc-devel-2.17-105.el7.s390x.rpm glibc-headers-2.17-105.el7.s390x.rpm glibc-utils-2.17-105.el7.s390x.rpm nscd-2.17-105.el7.s390x.rpm
x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: glibc-debuginfo-2.17-105.el7.aarch64.rpm glibc-static-2.17-105.el7.aarch64.rpm
ppc64: glibc-debuginfo-2.17-105.el7.ppc.rpm glibc-debuginfo-2.17-105.el7.ppc64.rpm glibc-debuginfo-common-2.17-105.el7.ppc.rpm glibc-debuginfo-common-2.17-105.el7.ppc64.rpm glibc-static-2.17-105.el7.ppc.rpm glibc-static-2.17-105.el7.ppc64.rpm
ppc64le: glibc-debuginfo-2.17-105.el7.ppc64le.rpm glibc-debuginfo-common-2.17-105.el7.ppc64le.rpm glibc-static-2.17-105.el7.ppc64le.rpm
s390x: glibc-debuginfo-2.17-105.el7.s390.rpm glibc-debuginfo-2.17-105.el7.s390x.rpm glibc-debuginfo-common-2.17-105.el7.s390.rpm glibc-debuginfo-common-2.17-105.el7.s390x.rpm glibc-static-2.17-105.el7.s390.rpm glibc-static-2.17-105.el7.s390x.rpm
x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: glibc-2.17-105.el7.src.rpm
x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2013-7423 https://access.redhat.com/security/cve/CVE-2015-1472 https://access.redhat.com/security/cve/CVE-2015-1473 https://access.redhat.com/security/cve/CVE-2015-1781 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/2050743
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWTkEYXlSAg2UNWIIRAueyAJ98kB1kgF2zvCkEn5k70+Aq5ynM3QCfS8Lx xSL2O69mtC2Sh4D4RYIP+2k= =MEoD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The CVE-2015-7547 vulnerability listed below is considered to have critical impact.
CVE-2014-8121
Robin Hack discovered that the nss_files database did not
correctly implement enumeration interleaved with name-based or
ID-based lookups. This could cause the enumeration enter an
endless loop, leading to a denial of service. Most applications are not
affected by this vulnerability because they use aligned buffers.
CVE-2015-7547
The Google Security Team and Red Hat discovered that the eglibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution. This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.
CVE-2015-8776
Adam Nielsen discovered that if an invalid separated time value
is passed to strftime, the strftime function could crash or leak
information. Applications normally pass only valid time
information to strftime; no affected applications are known.
CVE-2015-8777
Hector Marco-Gisbert reported that LD_POINTER_GUARD was not
ignored for SUID programs, enabling an unintended bypass of a
security feature. This update causes eglibc to always ignore the
LD_POINTER_GUARD environment variable.
CVE-2015-8778
Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r
functions did not check the size argument properly, leading to a
crash (denial of service) for certain arguments. No impacted
applications are known at this time.
CVE-2015-8779
The catopen function contains several unbound stack allocations
(stack overflows), causing it the crash the process (denial of
service). No applications where this issue has a security impact
are currently known.
The following fixed vulnerabilities currently lack CVE assignment:
Joseph Myers reported discovered that an integer overflow in the
strxfrm can lead to heap-based buffer overflow, possibly allowing
arbitrary code execution. In addition, a fallback path in strxfrm
uses an unbounded stack allocation (stack overflow), leading to a
crash or erroneous application behavior.
Kostya Serebryany reported that the fnmatch function could skip
over the terminating NUL character of a malformed pattern, causing
an application calling fnmatch to crash (denial of service). On
GNU/Linux systems, wide-oriented character streams are rarely
used, and no affected applications are known.
Andreas Schwab reported a memory leak (memory allocation without a
matching deallocation) while processing certain DNS answers in
getaddrinfo, related to the _nss_dns_gethostbyname4_r function.
This vulnerability could lead to a denial of service.
While it is only necessary to ensure that all processes are not using the old eglibc anymore, it is recommended to reboot the machines after applying the security upgrade.
For the oldstable distribution (wheezy), these problems have been fixed in version 2.13-38+deb7u10.
We recommend that you upgrade your eglibc packages. 6) - i386, x86_64
This update also fixes the following bug:
- Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data. ========================================================================== Ubuntu Security Notice USN-2985-2 May 26, 2016
eglibc, glibc regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-2985-1 introduced a regression in the GNU C Library.
Software Description: - glibc: GNU C Library - eglibc: GNU C Library
Details:
USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue.
We apologize for the inconvenience.
Original advisory details:
Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. (CVE-2013-2207, CVE-2016-2856)
Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. (CVE-2014-8121)
Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). (CVE-2014-9761)
Arjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. (CVE-2015-1781)
Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. (CVE-2015-8776)
Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. (CVE-2015-8778)
Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. (CVE-2015-8779)
Florian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. (CVE-2016-3075)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libc-bin 2.21-0ubuntu4.3 libc6 2.21-0ubuntu4.3 libc6-dev 2.21-0ubuntu4.3
Ubuntu 14.04 LTS: libc-bin 2.19-0ubuntu6.9 libc6 2.19-0ubuntu6.9 libc6-dev 2.19-0ubuntu6.9
Ubuntu 12.04 LTS: libc-bin 2.15-0ubuntu10.15 libc6 2.15-0ubuntu10.15 libc6-dev 2.15-0ubuntu10.15
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "glibc",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.21"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "c library",
"scope": "lt",
"trust": 0.8,
"vendor": "gnu",
"version": "2.22"
},
{
"model": "suse linux enterprise debuginfo",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp3"
},
{
"model": "suse linux enterprise debuginfo",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp4"
},
{
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp3"
},
{
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp4"
},
{
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp3"
},
{
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp4"
},
{
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "for vmware 11-sp3"
},
{
"model": "suse linux enterprise software development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp3"
},
{
"model": "suse linux enterprise software development kit",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "11-sp4"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.6,
"vendor": "suse",
"version": "11.0"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 0.6,
"vendor": "suse",
"version": "11.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.6,
"vendor": "suse",
"version": "11.0"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.3"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.0"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "ds8700",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "76.31.143.0"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.11"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "proventia network enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "security virtual server protection for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0.0"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.1"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "power hmc sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8.2.0"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.3"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "ds8700",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "87.51.14.x"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "power hmc sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8.1.0"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "ib6131 gb infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "83.4"
},
{
"model": "ds8800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "86.31.167.0"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "tssc",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.9"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "flex system en6131 40gb ethernet switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.2"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.0"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.3"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "flex system en6131 40gb ethernet switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.1000"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.16"
},
{
"model": "enterprise linux server eus 6.6.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.21"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security virtual server protection for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "tssc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.44"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0.3"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "power hmc",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8.3.0"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "ds8800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "flex system en6131 40gb ethernet switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.15"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "ib6131 gb infiniband switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "83.5.1000"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.0"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "flex system chassis management module 2pet",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "flex system chassis management module 2pet14c-2.5.5c",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "ds8700",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "87.41.17.x"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "ib6131 gb infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "83.2"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "security virtual server protection for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.12"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.3"
},
{
"model": "glibc",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "74255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
},
{
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arjun Shankar of Red Hat",
"sources": [
{
"db": "BID",
"id": "74255"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
}
],
"trust": 0.9
},
"cve": "CVE-2015-1781",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-1781",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1781",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-1781",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
},
{
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. GNU glibc is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781\n https://rhn.redhat.com/errata/RHSA-2015-0863.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 92aa475c44c712eaf19898ef76e04183 mbs1/x86_64/glibc-2.14.1-12.12.mbs1.x86_64.rpm\n 606cdd33e041f9853eae18f53c9d73de mbs1/x86_64/glibc-devel-2.14.1-12.12.mbs1.x86_64.rpm\n 133deb850840d464335e5c659cba1627 mbs1/x86_64/glibc-doc-2.14.1-12.12.mbs1.noarch.rpm\n 7a3d5170647c52cd4a34d2dcda711397 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.12.mbs1.noarch.rpm\n 96c842afb6110ac18a40b843b51548fc mbs1/x86_64/glibc-i18ndata-2.14.1-12.12.mbs1.x86_64.rpm\n 703e73278d416a53096fe19c7652c95e mbs1/x86_64/glibc-profile-2.14.1-12.12.mbs1.x86_64.rpm\n 12f09ed16d9c4b0f9a94e931569dacc3 mbs1/x86_64/glibc-static-devel-2.14.1-12.12.mbs1.x86_64.rpm\n 09715361d0af4a4dd5fba44239c5e690 mbs1/x86_64/glibc-utils-2.14.1-12.12.mbs1.x86_64.rpm\n c9a293ac29070d215eb1988bba58aaec mbs1/x86_64/nscd-2.14.1-12.12.mbs1.x86_64.rpm \n 8d8b74de2d7c0e982e0ad82ac73091b2 mbs1/SRPMS/glibc-2.14.1-12.12.mbs1.src.rpm\n\n Mandriva Business Server 2/X86_64:\n e59cee8712d211add638c1b6c1952fa6 mbs2/x86_64/glibc-2.18-10.2.mbs2.x86_64.rpm\n baf9e44f8c4f82c75a0154d44b6fce72 mbs2/x86_64/glibc-devel-2.18-10.2.mbs2.x86_64.rpm\n f3eb6e3ed435f8a06dcffbfa7a44525b mbs2/x86_64/glibc-doc-2.18-10.2.mbs2.noarch.rpm\n 5df45f7cae82ef7d354fa14c7ac363c9 mbs2/x86_64/glibc-i18ndata-2.18-10.2.mbs2.x86_64.rpm\n 24ef48d58c7a4114068e7b70dbefad79 mbs2/x86_64/glibc-profile-2.18-10.2.mbs2.x86_64.rpm\n 5f67c12f02dbc3f4cbf78f1a8c7d5ad5 mbs2/x86_64/glibc-static-devel-2.18-10.2.mbs2.x86_64.rpm\n f24e67e1ed1b01e5305c28b3a9b02852 mbs2/x86_64/glibc-utils-2.18-10.2.mbs2.x86_64.rpm\n bae4b399bc43be8af24ddd93257ca31a mbs2/x86_64/nscd-2.18-10.2.mbs2.x86_64.rpm \n 740d9b3d14292be8847da92243340b62 mbs2/SRPMS/glibc-2.18-10.2.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nIt was discovered that the nss_files backend for the Name Service Switch in\nglibc would return incorrect data to applications or corrupt the heap\n(depending on adjacent heap contents). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: glibc security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:2199-07\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2199.html\nIssue date: 2015-11-19\nCVE Names: CVE-2013-7423 CVE-2015-1472 CVE-2015-1473 \n CVE-2015-1781 \n=====================================================================\n\n1. Summary:\n\nUpdated glibc packages that fix multiple security issues, several bugs, and\nadd one enhancement are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nIt was discovered that, under certain circumstances, glibc\u0027s getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc\u0027s gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc\u0027s swscanf() function. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc\u0027s _IO_wstr_overflow() function. (BZ#1195762)\n\nA flaw was found in the way glibc\u0027s fnmatch() function processed certain\nmalformed patterns. An attacker able to make an application call this\nfunction could use this flaw to crash that application. (BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat. \n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1064066 - Test suite failure: test-ldouble\n1098042 - getaddrinfo return EAI_NONAME instead of EAI_AGAIN in case the DNS query times out\n1144133 - calloc in dl-reloc.c computes size incorrectly\n1187109 - CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load\n1188235 - CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf\n1195762 - glibc: _IO_wstr_overflow integer overflow\n1197730 - glibc: potential denial of service in internal_fnmatch()\n1199525 - CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer\n1207032 - glibc deadlock when printing backtrace from memory allocator\n1209105 - CVE-2015-1473 glibc: Stack-overflow in glibc swscanf\n1219891 - Missing define for TCP_USER_TIMEOUT in netinet/tcp.h\n1225490 - [RFE] Unconditionally enable SDT probes in glibc builds. \n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\naarch64:\nglibc-2.17-105.el7.aarch64.rpm\nglibc-common-2.17-105.el7.aarch64.rpm\nglibc-debuginfo-2.17-105.el7.aarch64.rpm\nglibc-devel-2.17-105.el7.aarch64.rpm\nglibc-headers-2.17-105.el7.aarch64.rpm\nglibc-utils-2.17-105.el7.aarch64.rpm\nnscd-2.17-105.el7.aarch64.rpm\n\nppc64:\nglibc-2.17-105.el7.ppc.rpm\nglibc-2.17-105.el7.ppc64.rpm\nglibc-common-2.17-105.el7.ppc64.rpm\nglibc-debuginfo-2.17-105.el7.ppc.rpm\nglibc-debuginfo-2.17-105.el7.ppc64.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64.rpm\nglibc-devel-2.17-105.el7.ppc.rpm\nglibc-devel-2.17-105.el7.ppc64.rpm\nglibc-headers-2.17-105.el7.ppc64.rpm\nglibc-utils-2.17-105.el7.ppc64.rpm\nnscd-2.17-105.el7.ppc64.rpm\n\nppc64le:\nglibc-2.17-105.el7.ppc64le.rpm\nglibc-common-2.17-105.el7.ppc64le.rpm\nglibc-debuginfo-2.17-105.el7.ppc64le.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64le.rpm\nglibc-devel-2.17-105.el7.ppc64le.rpm\nglibc-headers-2.17-105.el7.ppc64le.rpm\nglibc-utils-2.17-105.el7.ppc64le.rpm\nnscd-2.17-105.el7.ppc64le.rpm\n\ns390x:\nglibc-2.17-105.el7.s390.rpm\nglibc-2.17-105.el7.s390x.rpm\nglibc-common-2.17-105.el7.s390x.rpm\nglibc-debuginfo-2.17-105.el7.s390.rpm\nglibc-debuginfo-2.17-105.el7.s390x.rpm\nglibc-debuginfo-common-2.17-105.el7.s390.rpm\nglibc-debuginfo-common-2.17-105.el7.s390x.rpm\nglibc-devel-2.17-105.el7.s390.rpm\nglibc-devel-2.17-105.el7.s390x.rpm\nglibc-headers-2.17-105.el7.s390x.rpm\nglibc-utils-2.17-105.el7.s390x.rpm\nnscd-2.17-105.el7.s390x.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nglibc-debuginfo-2.17-105.el7.aarch64.rpm\nglibc-static-2.17-105.el7.aarch64.rpm\n\nppc64:\nglibc-debuginfo-2.17-105.el7.ppc.rpm\nglibc-debuginfo-2.17-105.el7.ppc64.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64.rpm\nglibc-static-2.17-105.el7.ppc.rpm\nglibc-static-2.17-105.el7.ppc64.rpm\n\nppc64le:\nglibc-debuginfo-2.17-105.el7.ppc64le.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64le.rpm\nglibc-static-2.17-105.el7.ppc64le.rpm\n\ns390x:\nglibc-debuginfo-2.17-105.el7.s390.rpm\nglibc-debuginfo-2.17-105.el7.s390x.rpm\nglibc-debuginfo-common-2.17-105.el7.s390.rpm\nglibc-debuginfo-common-2.17-105.el7.s390x.rpm\nglibc-static-2.17-105.el7.s390.rpm\nglibc-static-2.17-105.el7.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7423\nhttps://access.redhat.com/security/cve/CVE-2015-1472\nhttps://access.redhat.com/security/cve/CVE-2015-1473\nhttps://access.redhat.com/security/cve/CVE-2015-1781\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/2050743\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWTkEYXlSAg2UNWIIRAueyAJ98kB1kgF2zvCkEn5k70+Aq5ynM3QCfS8Lx\nxSL2O69mtC2Sh4D4RYIP+2k=\n=MEoD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe CVE-2015-7547 vulnerability listed below is considered to have\ncritical impact. \n\nCVE-2014-8121\n\n Robin Hack discovered that the nss_files database did not\n correctly implement enumeration interleaved with name-based or\n ID-based lookups. This could cause the enumeration enter an\n endless loop, leading to a denial of service. Most applications are not\n affected by this vulnerability because they use aligned buffers. \n\nCVE-2015-7547\n\n The Google Security Team and Red Hat discovered that the eglibc\n host name resolver function, getaddrinfo, when processing\n AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n internal buffers, leading to a stack-based buffer overflow and\n arbitrary code execution. This vulnerability affects most\n applications which perform host name resolution using getaddrinfo,\n including system services. \n\nCVE-2015-8776\n\n Adam Nielsen discovered that if an invalid separated time value\n is passed to strftime, the strftime function could crash or leak\n information. Applications normally pass only valid time\n information to strftime; no affected applications are known. \n\nCVE-2015-8777\n\n Hector Marco-Gisbert reported that LD_POINTER_GUARD was not\n ignored for SUID programs, enabling an unintended bypass of a\n security feature. This update causes eglibc to always ignore the\n LD_POINTER_GUARD environment variable. \n\nCVE-2015-8778\n\n Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n functions did not check the size argument properly, leading to a\n crash (denial of service) for certain arguments. No impacted\n applications are known at this time. \n\nCVE-2015-8779\n\n The catopen function contains several unbound stack allocations\n (stack overflows), causing it the crash the process (denial of\n service). No applications where this issue has a security impact\n are currently known. \n\nThe following fixed vulnerabilities currently lack CVE assignment:\n\n Joseph Myers reported discovered that an integer overflow in the\n strxfrm can lead to heap-based buffer overflow, possibly allowing\n arbitrary code execution. In addition, a fallback path in strxfrm\n uses an unbounded stack allocation (stack overflow), leading to a\n crash or erroneous application behavior. \n\n Kostya Serebryany reported that the fnmatch function could skip\n over the terminating NUL character of a malformed pattern, causing\n an application calling fnmatch to crash (denial of service). On\n GNU/Linux systems, wide-oriented character streams are rarely\n used, and no affected applications are known. \n\n Andreas Schwab reported a memory leak (memory allocation without a\n matching deallocation) while processing certain DNS answers in\n getaddrinfo, related to the _nss_dns_gethostbyname4_r function. \n This vulnerability could lead to a denial of service. \n\nWhile it is only necessary to ensure that all processes are not using\nthe old eglibc anymore, it is recommended to reboot the machines after\napplying the security upgrade. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.13-38+deb7u10. \n\nWe recommend that you upgrade your eglibc packages. 6) - i386, x86_64\n\n3. \n\nThis update also fixes the following bug:\n\n* Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. ==========================================================================\nUbuntu Security Notice USN-2985-2\nMay 26, 2016\n\neglibc, glibc regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-2985-1 introduced a regression in the GNU C Library. \n\nSoftware Description:\n- glibc: GNU C Library\n- eglibc: GNU C Library\n\nDetails:\n\nUSN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for\nCVE-2014-9761 introduced a regression which affected applications that\nuse the libm library but were not fully restarted after the upgrade. \nThis update removes the fix for CVE-2014-9761 and a future update\nwill be provided to address this issue. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Martin Carpenter discovered that pt_chown in the GNU C Library did not\n properly check permissions for tty files. \n (CVE-2013-2207, CVE-2016-2856)\n \n Robin Hack discovered that the Name Service Switch (NSS) implementation in\n the GNU C Library did not properly manage its file descriptors. \n (CVE-2014-8121)\n \n Joseph Myers discovered that the GNU C Library did not properly handle long\n arguments to functions returning a representation of Not a Number (NaN). \n (CVE-2014-9761)\n \n Arjun Shankar discovered that in certain situations the nss_dns code in the\n GNU C Library did not properly account buffer sizes when passed an\n unaligned buffer. (CVE-2015-1781)\n \n Sumit Bose and Lukas Slebodnik discovered that the Name Service\n Switch (NSS) implementation in the GNU C Library did not handle long\n lines in the files databases correctly. (CVE-2015-8776)\n \n Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed\n the pointer-guarding protection mechanism to be disabled by honoring the\n LD_POINTER_GUARD environment variable across privilege boundaries. (CVE-2015-8778)\n \n Maksymilian Arciemowicz discovered a stack-based buffer overflow in the\n catopen function in the GNU C Library when handling long catalog names. (CVE-2015-8779)\n \n Florian Weimer discovered that the getnetbyname implementation in the GNU C\n Library did not properly handle long names passed as arguments. (CVE-2016-3075)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libc-bin 2.21-0ubuntu4.3\n libc6 2.21-0ubuntu4.3\n libc6-dev 2.21-0ubuntu4.3\n\nUbuntu 14.04 LTS:\n libc-bin 2.19-0ubuntu6.9\n libc6 2.19-0ubuntu6.9\n libc6-dev 2.19-0ubuntu6.9\n\nUbuntu 12.04 LTS:\n libc-bin 2.15-0ubuntu10.15\n libc6 2.15-0ubuntu10.15\n libc6-dev 2.15-0ubuntu10.15\n\nAfter a standard system update you need to reboot your computer to\nmake all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1781"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "BID",
"id": "74255"
},
{
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"db": "PACKETSTORM",
"id": "137200"
},
{
"db": "PACKETSTORM",
"id": "131697"
},
{
"db": "PACKETSTORM",
"id": "134717"
},
{
"db": "PACKETSTORM",
"id": "134444"
},
{
"db": "PACKETSTORM",
"id": "135793"
},
{
"db": "PACKETSTORM",
"id": "131539"
},
{
"db": "PACKETSTORM",
"id": "137208"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1781",
"trust": 3.5
},
{
"db": "BID",
"id": "74255",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1032178",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-1781",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137200",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131697",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134717",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134444",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135793",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131539",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137208",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"db": "BID",
"id": "74255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "PACKETSTORM",
"id": "137200"
},
{
"db": "PACKETSTORM",
"id": "131697"
},
{
"db": "PACKETSTORM",
"id": "134717"
},
{
"db": "PACKETSTORM",
"id": "134444"
},
{
"db": "PACKETSTORM",
"id": "135793"
},
{
"db": "PACKETSTORM",
"id": "131539"
},
{
"db": "PACKETSTORM",
"id": "137208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
},
{
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"id": "VAR-201509-0438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.17692308
},
"last_update_date": "2024-07-23T19:37:44Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SUSE-SU-2015:1424",
"trust": 0.8,
"url": " http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"
},
{
"title": "RHSA-2015:0863",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0863.html"
},
{
"title": "Bug 18287",
"trust": 0.8,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287"
},
{
"title": "The GNU C Library version 2.22 is now available",
"trust": 0.8,
"url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
},
{
"title": "CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]",
"trust": 0.8,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386"
},
{
"title": "GNU C Library Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=232528"
},
{
"title": "Red Hat: Moderate: glibc security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152199 - security advisory"
},
{
"title": "Red Hat: Important: glibc security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152589 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2015-1781",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a2c29453eb55cceece213eaabd30c31b"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2013-2207: Remove pt_chown",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=24f036a1c9b3e11b009511a5ff0119fc"
},
{
"title": "Debian CVElist Bug Report Logs: glibc: multiple overflows in strxfrm()",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9c45e614f65364c9f36d20f68260e303"
},
{
"title": "Debian CVElist Bug Report Logs: glibc: Three vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=c894c06b98aa71f44dddf17ba757bd22"
},
{
"title": "Red Hat: CVE-2015-1781",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1781"
},
{
"title": "Debian CVElist Bug Report Logs: libc6: Pointer guarding bypass in dynamic Setuid binaries",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fd388404d431df3846c2735a9f93c550"
},
{
"title": "Amazon Linux AMI: ALAS-2015-513",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-513"
},
{
"title": "Ubuntu Security Notice: eglibc, glibc regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2985-2"
},
{
"title": "Ubuntu Security Notice: eglibc, glibc vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2985-1"
},
{
"title": "Amazon Linux AMI: ALAS-2015-617",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-617"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0863.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2985-1"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2985-2"
},
{
"trust": 1.7,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287"
},
{
"trust": 1.7,
"url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/74255"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032178"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html"
},
{
"trust": 1.6,
"url": "https://sourceware.org/git/?p=glibc.git%3ba=commit%3bh=2959eda9272a03386"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2015-1781"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199525"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1781"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1781"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/errata/rhsa-2015:2199"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1781"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:2589"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:0863"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7423"
},
{
"trust": 0.3,
"url": "http://www.gnu.org/software/libc/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966788"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022665"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023385"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005779"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005255"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020837"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966209"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982433"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988872"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8777"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8121"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8776"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5277"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2013-7423"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3075"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1473"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-1473"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-1472"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2985-2/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.14"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2856"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.8"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2207"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7423"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5277"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-2589.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-2199.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2050743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1585614"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.15"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"db": "BID",
"id": "74255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "PACKETSTORM",
"id": "137200"
},
{
"db": "PACKETSTORM",
"id": "131697"
},
{
"db": "PACKETSTORM",
"id": "134717"
},
{
"db": "PACKETSTORM",
"id": "134444"
},
{
"db": "PACKETSTORM",
"id": "135793"
},
{
"db": "PACKETSTORM",
"id": "131539"
},
{
"db": "PACKETSTORM",
"id": "137208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
},
{
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"db": "BID",
"id": "74255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"db": "PACKETSTORM",
"id": "137200"
},
{
"db": "PACKETSTORM",
"id": "131697"
},
{
"db": "PACKETSTORM",
"id": "134717"
},
{
"db": "PACKETSTORM",
"id": "134444"
},
{
"db": "PACKETSTORM",
"id": "135793"
},
{
"db": "PACKETSTORM",
"id": "131539"
},
{
"db": "PACKETSTORM",
"id": "137208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
},
{
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"date": "2015-04-21T00:00:00",
"db": "BID",
"id": "74255"
},
{
"date": "2015-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"date": "2015-05-26T08:22:22",
"db": "PACKETSTORM",
"id": "137200"
},
{
"date": "2015-04-30T15:46:57",
"db": "PACKETSTORM",
"id": "131697"
},
{
"date": "2015-12-09T15:22:37",
"db": "PACKETSTORM",
"id": "134717"
},
{
"date": "2015-11-20T00:41:22",
"db": "PACKETSTORM",
"id": "134444"
},
{
"date": "2016-02-16T17:18:17",
"db": "PACKETSTORM",
"id": "135793"
},
{
"date": "2015-04-21T16:03:31",
"db": "PACKETSTORM",
"id": "131539"
},
{
"date": "2016-05-26T14:33:33",
"db": "PACKETSTORM",
"id": "137208"
},
{
"date": "2015-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-071"
},
{
"date": "2015-09-28T20:59:00.093000",
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1781"
},
{
"date": "2016-09-09T18:00:00",
"db": "BID",
"id": "74255"
},
{
"date": "2015-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004995"
},
{
"date": "2023-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-071"
},
{
"date": "2023-02-13T00:46:42.317000",
"db": "NVD",
"id": "CVE-2015-1781"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU C Library of gethostbyname_r And other unspecified NSS Buffer overflow vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-071"
}
],
"trust": 0.6
}
}
VAR-201501-0737
Vulnerability from variot - Updated: 2024-07-23 19:37Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.". eglibc The package contains a classic buffer overflow vulnerability.Denial of service (DoS) May be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: rhev-hypervisor6 security update Advisory ID: RHSA-2015:0126-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0126.html Issue date: 2015-02-04 CVE Names: CVE-2014-3511 CVE-2014-3567 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 CVE-2015-0235 =====================================================================
- Summary:
An updated rhev-hypervisor6 package that fixes multiple security issues is now available for Red Hat Enterprise Virtualization 3.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEV Hypervisor for RHEL-6 - noarch
- Description:
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)
A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611)
A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)
A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567)
It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646)
Red Hat would like to thank Qualys for reporting the CVE-2015-0235 issue, Lars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced Threat Research team at Intel Security for reporting the CVE-2014-3645 and CVE-2014-3646 issues.
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
- Solution:
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht ml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente rprise_Virtualization_Hypervisors.html
- Bugs fixed (https://bugzilla.redhat.com/):
1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack 1144825 - CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled 1144835 - CVE-2014-3645 kernel: kvm: vmx: invept vm exit not handled 1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition 1152563 - Tracker: RHEV-H 6.6 for RHEV 3.4.z build 1152961 - CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash 1180044 - Incorrect glusterfs package in to RHEVH 6.6 for 3.4.4 and 3.5 build [rhev-3.4.z] 1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow 1185720 - Incorrect rhn-virtualization-host and rhn-virtualization-common packages in RHEVH 6.6 for rhev 3.4.5
- Package List:
RHEV Hypervisor for RHEL-6:
noarch: rhev-hypervisor6-6.6-20150123.1.el6ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3511 https://access.redhat.com/security/cve/CVE-2014-3567 https://access.redhat.com/security/cve/CVE-2014-3611 https://access.redhat.com/security/cve/CVE-2014-3645 https://access.redhat.com/security/cve/CVE-2014-3646 https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU0l7LXlSAg2UNWIIRAvEdAJ4wGHkcIyH+VhN8Me+wQpBWbHgMiQCdH58Q EXI2+hZZswncCxMn6NgpQ6g= =wy8T -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
This is the GNU C Library (glibc) vulnerability known as "GHOST" which could be exploited remotely resulting in execution of arbitrary code.
Please update or upgrade to one of the following versions or subsequent.
References:
CVE-2015-0235 - Buffer Errors (CWE-119) SSRT101906
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The glibc updates are available for RHEL4, RHEL5, and RHEL6 at:
https://access.redhat.com/security/cve/CVE-2015-0235
WORKAROUND INSTRUCTIONS
HP recommends following this information after applying the updates to protect against potential risk for the specified HP IceWall products.
HP IceWall SSO Dfw
The AGENT_PERMIT configuration parameter allows Dfw to restrict requests from the Agent (another module) by using one of following methods: IP (IP address), HOST(host name) and DOMAIN (domain name). If possible, do not specify the "IP" value as the evaluation method in setting AGENT_PERMIT. Instead, use "HOST" or "DOMAIN".
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 2 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04589512
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04589512 Version: 1
HPSBGN03285 rev.1 - HP Business Service Manager Virtual Appliance, Multiple
Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-03-17 Last Updated: 2015-03-17
Potential Security Impact: Multiple vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with these three
packages. These vulnerabilities could be exploited to allow execution of
code.
HP Operation Agent Virtual Appliance for monitoring VMware vSphere
environments (OAVA) HP Virtualization Performance Viewer for monitoring VMware vSphere
environments (vPV VA) HP Operations Manager i 10.00 Virtual (OMi VA)
References:
CVE-2015-0235 - Buffer Errors (CWE-119) CVE-2012-6657 - Permissions, Privileges, and Access Control (CWE-264) CVE-2014-3673 - Resource Management Errors (CWE-399) CVE-2014-3687 - Resource Management Errors (CWE-399) CVE-2014-3688 - Resource Management Errors (CWE-399) CVE-2014-5471 - Resource Management Errors (CWE-399) CVE-2014-5472 - Input Validation (CWE-20) CVE-2014-6410 - Resource Management Errors (CWE-399) CVE-2014-9322- Permissions, Privileges, and Access Control (CWE-264) SSRT101955
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Operation Agent Virtual Appliance for monitoring VMware vSphere
environments (OAVA) v11.14, v11.13, v11.12, v11.11
HP Virtualization Performance Viewer for monitoring VMware vSphere
environments (vPV VA) v2.10, v2.01, v2.0, v1.x
HP Operations Manager i 10.00 Virtual (OMi VA) v10.00
BACKGROUND For a PGP signed version of this security bulletin please write to:
security-alert@hp.com
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-6657 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2014-3673 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2014-3687 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2014-3688 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-5471 (AV:L/AC:H/Au:N/C:N/I:N/A:C) 4.0 CVE-2014-5472 (AV:L/AC:H/Au:N/C:N/I:N/A:C) 4.0 CVE-2014-6410 (AV:L/AC:M/Au:N/C:N/I:N/A:C) 4.7 CVE-2014-9322 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following information to mitigate the impact of these
vulnerabilities.
https://softwaresupport.hp.com/group/softwaresupport/search-
result/-/facetsearch/document/KM01411792
HISTORY Version:1 (rev.1) - 17 March 2015 Initial release
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com It is strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins
via Email: http://h30046.www3.hp.com/driverAlertProfile.php?
regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile
to update appropriate sections.
To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is
represented by the 5th and 6th characters of the Bulletin number in the
title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW
MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS
PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux
TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to
maintain system integrity. HP is continually reviewing and enhancing the
security features of software products to provide customers with current
secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the
attention of users of the affected HP products the important security
information contained in this Bulletin. HP recommends that all users
determine the applicability of this information to their individual
situations and take appropriate action. HP does not warrant that this
information is necessarily accurate or complete for all user situations and,
consequently, HP will not be responsible for any damages resulting from
user's use or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose, title and non-infringement."
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for incidental,
special or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or services; or
damages for loss of data, or software restoration. The information in this
document is subject to change without notice. Hewlett-Packard Company and the
names of Hewlett-Packard products referenced herein are trademarks of
Hewlett-Packard Company in the United States and other countries. Other
product and company names mentioned herein may be trademarks of their
respective owners. Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-2485-1 January 27, 2015
eglibc vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
The GNU C Library could be made to crash or run programs.
Software Description: - eglibc: GNU C Library
Details:
It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.10
Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.20
After a standard system update you need to reboot your computer to make all the necessary changes.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 https://rhn.redhat.com/errata/RHSA-2015-0092.html
Updated Packages:
Mandriva Business Server 1/X86_64: 678efef85b85206451ef8927bad808e0 mbs1/x86_64/glibc-2.14.1-12.11.mbs1.x86_64.rpm 46cd508f03e36c1e4f752c317852ec8e mbs1/x86_64/glibc-devel-2.14.1-12.11.mbs1.x86_64.rpm 069302c80e3b79504e2b0eaaa72c2745 mbs1/x86_64/glibc-doc-2.14.1-12.11.mbs1.noarch.rpm 3a841c0295823354655dd3e7734ada0b mbs1/x86_64/glibc-doc-pdf-2.14.1-12.11.mbs1.noarch.rpm 11a672a0b4bae77c7adfa803bea9871f mbs1/x86_64/glibc-i18ndata-2.14.1-12.11.mbs1.x86_64.rpm d3f113ccec4f18e4bb08c951625e51d7 mbs1/x86_64/glibc-profile-2.14.1-12.11.mbs1.x86_64.rpm f6d6aa5806dd747e66996ea8cc01c9b4 mbs1/x86_64/glibc-static-devel-2.14.1-12.11.mbs1.x86_64.rpm 98cc6eae0234eeed945712bbc8b2c0ea mbs1/x86_64/glibc-utils-2.14.1-12.11.mbs1.x86_64.rpm bf6f2fcc3dd21bd8380aac40e91bb802 mbs1/x86_64/nscd-2.14.1-12.11.mbs1.x86_64.rpm f597e4d6241c76701733d730e84f5714 mbs1/SRPMS/glibc-2.14.1-12.11.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFU2bromqjQ0CJFipgRAmFsAKCQjfZlXUkoM7Vw2lzaEcgdyJncUgCg6ad6 CZAvbkM0GO2ojTqkrf89cyk= =/OhK -----END PGP SIGNATURE----- . 4 ELS) - i386, ia64, x86_64 Red Hat Enterprise Linux ES (v. 4 ELS) - i386, ia64, x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. 4 ELS):
Source: glibc-2.3.4-2.57.el4.2.src.rpm
i386: glibc-2.3.4-2.57.el4.2.i386.rpm glibc-2.3.4-2.57.el4.2.i686.rpm glibc-common-2.3.4-2.57.el4.2.i386.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.i386.rpm glibc-headers-2.3.4-2.57.el4.2.i386.rpm glibc-profile-2.3.4-2.57.el4.2.i386.rpm glibc-utils-2.3.4-2.57.el4.2.i386.rpm nptl-devel-2.3.4-2.57.el4.2.i386.rpm nptl-devel-2.3.4-2.57.el4.2.i686.rpm nscd-2.3.4-2.57.el4.2.i386.rpm
ia64: glibc-2.3.4-2.57.el4.2.i686.rpm glibc-2.3.4-2.57.el4.2.ia64.rpm glibc-common-2.3.4-2.57.el4.2.ia64.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm glibc-debuginfo-2.3.4-2.57.el4.2.ia64.rpm glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.ia64.rpm glibc-headers-2.3.4-2.57.el4.2.ia64.rpm glibc-profile-2.3.4-2.57.el4.2.ia64.rpm glibc-utils-2.3.4-2.57.el4.2.ia64.rpm nptl-devel-2.3.4-2.57.el4.2.ia64.rpm nscd-2.3.4-2.57.el4.2.ia64.rpm
x86_64: glibc-2.3.4-2.57.el4.2.i686.rpm glibc-2.3.4-2.57.el4.2.x86_64.rpm glibc-common-2.3.4-2.57.el4.2.x86_64.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm glibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm glibc-debuginfo-2.3.4-2.57.el4.2.x86_64.rpm glibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.i386.rpm glibc-devel-2.3.4-2.57.el4.2.x86_64.rpm glibc-headers-2.3.4-2.57.el4.2.x86_64.rpm glibc-profile-2.3.4-2.57.el4.2.x86_64.rpm glibc-utils-2.3.4-2.57.el4.2.x86_64.rpm nptl-devel-2.3.4-2.57.el4.2.x86_64.rpm nscd-2.3.4-2.57.el4.2.x86_64.rpm
Red Hat Enterprise Linux ES (v
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0737",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pureapplication system",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.6.6"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.5.22"
},
{
"model": "communications user data repository",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.9.1"
},
{
"model": "communications user data repository",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.0"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.5.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5"
},
{
"model": "communications lsms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "1.0.0.0"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.6.0"
},
{
"model": "communications application session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "3.7.1"
},
{
"model": "security access manager for enterprise single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "communications session border controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.4.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "glibc",
"scope": "gte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.0"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.24"
},
{
"model": "glibc",
"scope": "lt",
"trust": 1.0,
"vendor": "gnu",
"version": "2.18"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.4.38"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "embedded glibc",
"scope": "lt",
"trust": 0.8,
"vendor": "gnu",
"version": "2.14"
},
{
"model": "linux enterprise server",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.18",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:9.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:10.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:9.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.24",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:7.2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.11.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.22",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.6",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.38",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "134196"
},
{
"db": "PACKETSTORM",
"id": "130216"
},
{
"db": "PACKETSTORM",
"id": "131015"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0235",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0235",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-78181",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0235",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0235",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-78181",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78181"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\". eglibc The package contains a classic buffer overflow vulnerability.Denial of service (DoS) May be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: rhev-hypervisor6 security update \nAdvisory ID: RHSA-2015:0126-01\nProduct: Red Hat Enterprise Virtualization\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0126.html\nIssue date: 2015-02-04\nCVE Names: CVE-2014-3511 CVE-2014-3567 CVE-2014-3611 \n CVE-2014-3645 CVE-2014-3646 CVE-2015-0235 \n=====================================================================\n\n1. Summary:\n\nAn updated rhev-hypervisor6 package that fixes multiple security issues is\nnow available for Red Hat Enterprise Virtualization 3. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-6 - noarch\n\n3. Description:\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent. \n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions. A remote attacker able to make\nan application call either of these functions could use this flaw to\nexecute arbitrary code with the permissions of the user running the\napplication. (CVE-2015-0235)\n\nA race condition flaw was found in the way the Linux kernel\u0027s KVM subsystem\nhandled PIT (Programmable Interval Timer) emulation. A guest user who has \naccess to the PIT I/O ports could use this flaw to crash the host. \n(CVE-2014-3611)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. \nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nIt was found that the Linux kernel\u0027s KVM subsystem did not handle the VM\nexits gracefully for the invept (Invalidate Translations Derived from EPT)\nand invvpid (Invalidate Translations Based on VPID) instructions. On hosts\nwith an Intel processor and invept/invppid VM exit support, an unprivileged\nguest user could use these instructions to crash the guest. (CVE-2014-3645,\nCVE-2014-3646)\n\nRed Hat would like to thank Qualys for reporting the CVE-2015-0235 issue,\nLars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced\nThreat Research team at Intel Security for reporting the CVE-2014-3645 and\nCVE-2014-3646 issues. \n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package. \n\n4. Solution:\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization environments\nusing the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht\nml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente\nrprise_Virtualization_Hypervisors.html\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack\n1144825 - CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled\n1144835 - CVE-2014-3645 kernel: kvm: vmx: invept vm exit not handled\n1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition\n1152563 - Tracker: RHEV-H 6.6 for RHEV 3.4.z build\n1152961 - CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash\n1180044 - Incorrect glusterfs package in to RHEVH 6.6 for 3.4.4 and 3.5 build [rhev-3.4.z]\n1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow\n1185720 - Incorrect rhn-virtualization-host and rhn-virtualization-common packages in RHEVH 6.6 for rhev 3.4.5\n\n6. Package List:\n\nRHEV Hypervisor for RHEL-6:\n\nnoarch:\nrhev-hypervisor6-6.6-20150123.1.el6ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3511\nhttps://access.redhat.com/security/cve/CVE-2014-3567\nhttps://access.redhat.com/security/cve/CVE-2014-3611\nhttps://access.redhat.com/security/cve/CVE-2014-3645\nhttps://access.redhat.com/security/cve/CVE-2014-3646\nhttps://access.redhat.com/security/cve/CVE-2015-0235\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU0l7LXlSAg2UNWIIRAvEdAJ4wGHkcIyH+VhN8Me+wQpBWbHgMiQCdH58Q\nEXI2+hZZswncCxMn6NgpQ6g=\n=wy8T\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThis is the GNU C Library (glibc) vulnerability known as \"GHOST\" which could\nbe exploited remotely resulting in execution of arbitrary code. \n\n Please update or upgrade to one of the following versions or subsequent. \n\nReferences:\n\nCVE-2015-0235 - Buffer Errors (CWE-119)\nSSRT101906\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nThe glibc updates are available for RHEL4, RHEL5, and RHEL6 at:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0235\n\nWORKAROUND INSTRUCTIONS\n\nHP recommends following this information after applying the updates to\nprotect against potential risk for the specified HP IceWall products. \n\nHP IceWall SSO Dfw\n\nThe AGENT_PERMIT configuration parameter allows Dfw to restrict requests from\nthe Agent (another module) by using one of following methods: IP (IP\naddress), HOST(host name) and DOMAIN (domain name). \nIf possible, do not specify the \"IP\" value as the evaluation method in\nsetting AGENT_PERMIT. Instead, use \"HOST\" or \"DOMAIN\". \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 2 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04589512\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04589512\nVersion: 1\n\nHPSBGN03285 rev.1 - HP Business Service Manager Virtual Appliance, Multiple\n\nVulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\n\nsoon as possible. \n\nRelease Date: 2015-03-17\nLast Updated: 2015-03-17\n\n- -----------------------------------------------------------------------------\n\n- ---\n\nPotential Security Impact: Multiple vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with these three\n\npackages. These vulnerabilities could be exploited to allow execution of\n\ncode. \n\nHP Operation Agent Virtual Appliance for monitoring VMware vSphere\n\nenvironments (OAVA)\nHP Virtualization Performance Viewer for monitoring VMware vSphere\n\nenvironments (vPV VA)\nHP Operations Manager i 10.00 Virtual (OMi VA)\n\nReferences:\n\nCVE-2015-0235 - Buffer Errors (CWE-119)\nCVE-2012-6657 - Permissions, Privileges, and Access Control (CWE-264)\nCVE-2014-3673 - Resource Management Errors (CWE-399)\nCVE-2014-3687 - Resource Management Errors (CWE-399)\nCVE-2014-3688 - Resource Management Errors (CWE-399)\nCVE-2014-5471 - Resource Management Errors (CWE-399)\nCVE-2014-5472 - Input Validation (CWE-20)\nCVE-2014-6410 - Resource Management Errors (CWE-399)\nCVE-2014-9322- Permissions, Privileges, and Access Control (CWE-264)\nSSRT101955\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Operation Agent Virtual Appliance for monitoring VMware vSphere\n\nenvironments (OAVA) v11.14, v11.13, v11.12, v11.11\n\nHP Virtualization Performance Viewer for monitoring VMware vSphere\n\nenvironments (vPV VA) v2.10, v2.01, v2.0, v1.x\n\nHP Operations Manager i 10.00 Virtual (OMi VA) v10.00\n\nBACKGROUND\nFor a PGP signed version of this security bulletin please write to:\n\nsecurity-alert@hp.com\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-6657 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9\nCVE-2014-3673 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2014-3687 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2014-3688 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-5471 (AV:L/AC:H/Au:N/C:N/I:N/A:C) 4.0\nCVE-2014-5472 (AV:L/AC:H/Au:N/C:N/I:N/A:C) 4.0\nCVE-2014-6410 (AV:L/AC:M/Au:N/C:N/I:N/A:C) 4.7\nCVE-2014-9322 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following information to mitigate the impact of these\n\nvulnerabilities. \n\nhttps://softwaresupport.hp.com/group/softwaresupport/search-\n\nresult/-/facetsearch/document/KM01411792\n\nHISTORY\nVersion:1 (rev.1) - 17 March 2015 Initial release\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported\n\nproduct, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being\n\ncommunicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins\n\nvia Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?\n\nregioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile\n\nto update appropriate sections. \n\nTo review previously published Security Bulletins visit:\n\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is\n\nrepresented by the 5th and 6th characters of the Bulletin number in the\n\ntitle: GN = HP General SW\n MA = HP Management Agents\n MI = Misc. 3rd Party SW\n\nMP = HP MPE/iX\n NS = HP NonStop Servers\n OV = HP OpenVMS\n\nPI = HP Printing \u0026 Imaging\n ST = HP Storage SW\n TL = HP Trusted Linux\n\nTU = HP Tru64 UNIX\n UX = HP-UX\n VV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to\n\nmaintain system integrity. HP is continually reviewing and enhancing the\n\nsecurity features of software products to provide customers with current\n\nsecure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the\n\nattention of users of the affected HP products the important security\n\ninformation contained in this Bulletin. HP recommends that all users\n\ndetermine the applicability of this information to their individual\n\nsituations and take appropriate action. HP does not warrant that this\n\ninformation is necessarily accurate or complete for all user situations and,\n\nconsequently, HP will not be responsible for any damages resulting from\n\nuser\u0027s use or disregard of the information provided in this Bulletin. To the\n\nextent permitted by law, HP disclaims all warranties, either express or\n\nimplied, including the warranties of merchantability and fitness for a\n\nparticular purpose, title and non-infringement.\"\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors\n\nor omissions contained herein. The information provided is provided \"as is\"\n\nwithout warranty of any kind. To the extent permitted by law, neither HP or\n\nits affiliates, subcontractors or suppliers will be liable for incidental,\n\nspecial or consequential damages including downtime cost; lost profits;\n\ndamages relating to the procurement of substitute products or services; or\n\ndamages for loss of data, or software restoration. The information in this\n\ndocument is subject to change without notice. Hewlett-Packard Company and the\n\nnames of Hewlett-Packard products referenced herein are trademarks of\n\nHewlett-Packard Company in the United States and other countries. Other\n\nproduct and company names mentioned herein may be trademarks of their\n\nrespective owners. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-2485-1\nJanuary 27, 2015\n\neglibc vulnerability\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nThe GNU C Library could be made to crash or run programs. \n\nSoftware Description:\n- eglibc: GNU C Library\n\nDetails:\n\nIt was discovered that a buffer overflow existed in the gethostbyname\nand gethostbyname2 functions in the GNU C Library. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n libc6 2.15-0ubuntu10.10\n\nUbuntu 10.04 LTS:\n libc6 2.11.1-0ubuntu7.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235\n https://rhn.redhat.com/errata/RHSA-2015-0092.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 678efef85b85206451ef8927bad808e0 mbs1/x86_64/glibc-2.14.1-12.11.mbs1.x86_64.rpm\n 46cd508f03e36c1e4f752c317852ec8e mbs1/x86_64/glibc-devel-2.14.1-12.11.mbs1.x86_64.rpm\n 069302c80e3b79504e2b0eaaa72c2745 mbs1/x86_64/glibc-doc-2.14.1-12.11.mbs1.noarch.rpm\n 3a841c0295823354655dd3e7734ada0b mbs1/x86_64/glibc-doc-pdf-2.14.1-12.11.mbs1.noarch.rpm\n 11a672a0b4bae77c7adfa803bea9871f mbs1/x86_64/glibc-i18ndata-2.14.1-12.11.mbs1.x86_64.rpm\n d3f113ccec4f18e4bb08c951625e51d7 mbs1/x86_64/glibc-profile-2.14.1-12.11.mbs1.x86_64.rpm\n f6d6aa5806dd747e66996ea8cc01c9b4 mbs1/x86_64/glibc-static-devel-2.14.1-12.11.mbs1.x86_64.rpm\n 98cc6eae0234eeed945712bbc8b2c0ea mbs1/x86_64/glibc-utils-2.14.1-12.11.mbs1.x86_64.rpm\n bf6f2fcc3dd21bd8380aac40e91bb802 mbs1/x86_64/nscd-2.14.1-12.11.mbs1.x86_64.rpm \n f597e4d6241c76701733d730e84f5714 mbs1/SRPMS/glibc-2.14.1-12.11.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFU2bromqjQ0CJFipgRAmFsAKCQjfZlXUkoM7Vw2lzaEcgdyJncUgCg6ad6\nCZAvbkM0GO2ojTqkrf89cyk=\n=/OhK\n-----END PGP SIGNATURE-----\n. 4 ELS) - i386, ia64, x86_64\nRed Hat Enterprise Linux ES (v. 4 ELS) - i386, ia64, x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 4 ELS):\n\nSource:\nglibc-2.3.4-2.57.el4.2.src.rpm\n\ni386:\nglibc-2.3.4-2.57.el4.2.i386.rpm\nglibc-2.3.4-2.57.el4.2.i686.rpm\nglibc-common-2.3.4-2.57.el4.2.i386.rpm\nglibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm\nglibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm\nglibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm\nglibc-devel-2.3.4-2.57.el4.2.i386.rpm\nglibc-headers-2.3.4-2.57.el4.2.i386.rpm\nglibc-profile-2.3.4-2.57.el4.2.i386.rpm\nglibc-utils-2.3.4-2.57.el4.2.i386.rpm\nnptl-devel-2.3.4-2.57.el4.2.i386.rpm\nnptl-devel-2.3.4-2.57.el4.2.i686.rpm\nnscd-2.3.4-2.57.el4.2.i386.rpm\n\nia64:\nglibc-2.3.4-2.57.el4.2.i686.rpm\nglibc-2.3.4-2.57.el4.2.ia64.rpm\nglibc-common-2.3.4-2.57.el4.2.ia64.rpm\nglibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm\nglibc-debuginfo-2.3.4-2.57.el4.2.ia64.rpm\nglibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm\nglibc-devel-2.3.4-2.57.el4.2.ia64.rpm\nglibc-headers-2.3.4-2.57.el4.2.ia64.rpm\nglibc-profile-2.3.4-2.57.el4.2.ia64.rpm\nglibc-utils-2.3.4-2.57.el4.2.ia64.rpm\nnptl-devel-2.3.4-2.57.el4.2.ia64.rpm\nnscd-2.3.4-2.57.el4.2.ia64.rpm\n\nx86_64:\nglibc-2.3.4-2.57.el4.2.i686.rpm\nglibc-2.3.4-2.57.el4.2.x86_64.rpm\nglibc-common-2.3.4-2.57.el4.2.x86_64.rpm\nglibc-debuginfo-2.3.4-2.57.el4.2.i386.rpm\nglibc-debuginfo-2.3.4-2.57.el4.2.i686.rpm\nglibc-debuginfo-2.3.4-2.57.el4.2.x86_64.rpm\nglibc-debuginfo-common-2.3.4-2.57.el4.2.i386.rpm\nglibc-devel-2.3.4-2.57.el4.2.i386.rpm\nglibc-devel-2.3.4-2.57.el4.2.x86_64.rpm\nglibc-headers-2.3.4-2.57.el4.2.x86_64.rpm\nglibc-profile-2.3.4-2.57.el4.2.x86_64.rpm\nglibc-utils-2.3.4-2.57.el4.2.x86_64.rpm\nnptl-devel-2.3.4-2.57.el4.2.x86_64.rpm\nnscd-2.3.4-2.57.el4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ES (v",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0235"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"db": "VULHUB",
"id": "VHN-78181"
},
{
"db": "PACKETSTORM",
"id": "130241"
},
{
"db": "PACKETSTORM",
"id": "134196"
},
{
"db": "PACKETSTORM",
"id": "130216"
},
{
"db": "PACKETSTORM",
"id": "131015"
},
{
"db": "PACKETSTORM",
"id": "130099"
},
{
"db": "PACKETSTORM",
"id": "130333"
},
{
"db": "PACKETSTORM",
"id": "130135"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-78181",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78181"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0235",
"trust": 2.6
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "BID",
"id": "72325",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167552",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "164014",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "130974",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "153278",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "130768",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "130171",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62883",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62690",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62871",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62680",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62517",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62640",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62715",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62812",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62667",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62879",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62813",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62698",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62681",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62692",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62758",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62870",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62816",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62691",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62688",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "62865",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10671",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032909",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10100",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-994726",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/04/7",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/09/17/4",
"trust": 0.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/01/28/18",
"trust": 0.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/01/29/21",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007061",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "134196",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130216",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130135",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130099",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130333",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131867",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130115",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130134",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130163",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "36421",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "35951",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201501-658",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-89237",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-78181",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130241",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131015",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78181"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"db": "PACKETSTORM",
"id": "130241"
},
{
"db": "PACKETSTORM",
"id": "134196"
},
{
"db": "PACKETSTORM",
"id": "130216"
},
{
"db": "PACKETSTORM",
"id": "131015"
},
{
"db": "PACKETSTORM",
"id": "130099"
},
{
"db": "PACKETSTORM",
"id": "130333"
},
{
"db": "PACKETSTORM",
"id": "130135"
},
{
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"id": "VAR-201501-0737",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78181"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:37:02.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eglibc.org/home"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://getfedora.org/en/"
},
{
"title": "SUSE-SU-2014:1129-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
},
{
"title": "CVE-2013-4357",
"trust": 0.8,
"url": "https://security-tracker.debian.org/tracker/cve-2013-4357"
},
{
"title": "USN-2306-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/2306-1/"
},
{
"title": "USN-2306-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/2306-2/"
},
{
"title": "USN-2306-3",
"trust": 0.8,
"url": "https://usn.ubuntu.com/2306-3/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-120",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78181"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/72325"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "http://seclists.org/oss-sec/2015/q1/269"
},
{
"trust": 1.1,
"url": "http://seclists.org/oss-sec/2015/q1/274"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534845/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/jun/14"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150128-ghost"
},
{
"trust": 1.1,
"url": "http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/"
},
{
"trust": 1.1,
"url": "http://linux.oracle.com/errata/elsa-2015-0090.html"
},
{
"trust": 1.1,
"url": "http://linux.oracle.com/errata/elsa-2015-0092.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695695"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695774"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695835"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695860"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696131"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696243"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696526"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696600"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696602"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696618"
},
{
"trust": 1.1,
"url": "http://www.idirect.net/partners/~/media/files/cve/idirect-posted-common-vulnerabilities-and-exposures.pdf"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa90"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04874668"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20150127-0001/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht205267"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht205375"
},
{
"trust": 1.1,
"url": "https://www.f-secure.com/en/web/labs_global/fsc-2015-1"
},
{
"trust": 1.1,
"url": "https://www.sophos.com/en-us/support/knowledgebase/121879.aspx"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3142"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2015/jan/111"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/jun/18"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/0"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jun/36"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:039"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/130171/exim-esmtp-ghost-denial-of-service.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/130768/emc-secure-remote-services-ghost-sql-injection-command-injection.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/130974/exim-ghost-glibc-gethostbyname-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/153278/wago-852-industrial-managed-switch-series-code-execution-hardcoded-credentials.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html"
},
{
"trust": 1.1,
"url": "https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9"
},
{
"trust": 1.1,
"url": "https://www.qualys.com/research/security-advisories/ghost-cve-2015-0235.txt"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032909"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62517"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62640"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62667"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62680"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62681"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62688"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62690"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62691"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62692"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62698"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62715"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62758"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62812"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62813"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62816"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62865"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62870"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62871"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62879"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62883"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142296726407499\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142781412222323\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143145428124857\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10671"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10100"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4357"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4357"
},
{
"trust": 0.8,
"url": "https://www.openwall.com/lists/oss-security/2013/09/17/4"
},
{
"trust": 0.8,
"url": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
},
{
"trust": 0.8,
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-0235"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10671"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10100"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142296726407499\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142781412222323\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142722450701342\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142721102728110\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143145428124857\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/ht"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3646"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3646"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://h10145.www1.hpe.com/sso/index.aspx?returnurl=..%2fdownloads%2fdow"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6657"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9322"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3673"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5471"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2485-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.20"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.10"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0235"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0092.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0101.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78181"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"db": "PACKETSTORM",
"id": "130241"
},
{
"db": "PACKETSTORM",
"id": "134196"
},
{
"db": "PACKETSTORM",
"id": "130216"
},
{
"db": "PACKETSTORM",
"id": "131015"
},
{
"db": "PACKETSTORM",
"id": "130099"
},
{
"db": "PACKETSTORM",
"id": "130333"
},
{
"db": "PACKETSTORM",
"id": "130135"
},
{
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78181"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"db": "PACKETSTORM",
"id": "130241"
},
{
"db": "PACKETSTORM",
"id": "134196"
},
{
"db": "PACKETSTORM",
"id": "130216"
},
{
"db": "PACKETSTORM",
"id": "131015"
},
{
"db": "PACKETSTORM",
"id": "130099"
},
{
"db": "PACKETSTORM",
"id": "130333"
},
{
"db": "PACKETSTORM",
"id": "130135"
},
{
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-78181"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"date": "2015-02-04T21:32:57",
"db": "PACKETSTORM",
"id": "130241"
},
{
"date": "2015-11-03T16:53:42",
"db": "PACKETSTORM",
"id": "134196"
},
{
"date": "2015-02-03T16:49:41",
"db": "PACKETSTORM",
"id": "130216"
},
{
"date": "2015-03-25T00:42:48",
"db": "PACKETSTORM",
"id": "131015"
},
{
"date": "2015-01-27T18:04:39",
"db": "PACKETSTORM",
"id": "130099"
},
{
"date": "2015-02-10T17:42:58",
"db": "PACKETSTORM",
"id": "130333"
},
{
"date": "2015-01-29T06:05:51",
"db": "PACKETSTORM",
"id": "130135"
},
{
"date": "2015-01-28T19:59:00.063000",
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-78181"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007061"
},
{
"date": "2024-02-14T01:17:43.863000",
"db": "NVD",
"id": "CVE-2015-0235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130241"
},
{
"db": "PACKETSTORM",
"id": "130135"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eglibc Classic buffer overflow vulnerability in package",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007061"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "130241"
},
{
"db": "PACKETSTORM",
"id": "130099"
},
{
"db": "PACKETSTORM",
"id": "130333"
},
{
"db": "PACKETSTORM",
"id": "130135"
}
],
"trust": 0.4
}
}
VAR-202101-0119
Vulnerability from variot - Updated: 2024-07-23 19:27The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. 8) - aarch64, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1428290 - CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option 1684057 - CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read 1704868 - CVE-2016-10228 glibc: iconv: Fix converter hangs and front end option parsing for //TRANSLIT and //IGNORE [rhel-8] 1855790 - glibc: Update Intel CET support from upstream 1856398 - glibc: Build with -moutline-atomics on aarch64 1868106 - glibc: Transaction ID collisions cause slow DNS lookups in getaddrinfo 1871385 - glibc: Improve auditing implementation (including DT_AUDIT, and DT_DEPAUDIT) 1871387 - glibc: Improve IBM POWER9 architecture performance 1871394 - glibc: Fix AVX2 off-by-one error in strncmp (swbz#25933) 1871395 - glibc: Improve IBM Z (s390x) Performance 1871396 - glibc: Improve use of static TLS surplus for optimizations. Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Bug Fix(es):
-
glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162)
-
glibc: Performance regression in ebizzy benchmark (BZ#1889977)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
ppc64: glibc-2.17-322.el7_9.ppc.rpm glibc-2.17-322.el7_9.ppc64.rpm glibc-common-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-2.17-322.el7_9.ppc.rpm glibc-debuginfo-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm glibc-devel-2.17-322.el7_9.ppc.rpm glibc-devel-2.17-322.el7_9.ppc64.rpm glibc-headers-2.17-322.el7_9.ppc64.rpm glibc-utils-2.17-322.el7_9.ppc64.rpm nscd-2.17-322.el7_9.ppc64.rpm
ppc64le: glibc-2.17-322.el7_9.ppc64le.rpm glibc-common-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm glibc-devel-2.17-322.el7_9.ppc64le.rpm glibc-headers-2.17-322.el7_9.ppc64le.rpm glibc-utils-2.17-322.el7_9.ppc64le.rpm nscd-2.17-322.el7_9.ppc64le.rpm
s390x: glibc-2.17-322.el7_9.s390.rpm glibc-2.17-322.el7_9.s390x.rpm glibc-common-2.17-322.el7_9.s390x.rpm glibc-debuginfo-2.17-322.el7_9.s390.rpm glibc-debuginfo-2.17-322.el7_9.s390x.rpm glibc-debuginfo-common-2.17-322.el7_9.s390.rpm glibc-debuginfo-common-2.17-322.el7_9.s390x.rpm glibc-devel-2.17-322.el7_9.s390.rpm glibc-devel-2.17-322.el7_9.s390x.rpm glibc-headers-2.17-322.el7_9.s390x.rpm glibc-utils-2.17-322.el7_9.s390x.rpm nscd-2.17-322.el7_9.s390x.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: glibc-debuginfo-2.17-322.el7_9.ppc.rpm glibc-debuginfo-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm glibc-static-2.17-322.el7_9.ppc.rpm glibc-static-2.17-322.el7_9.ppc64.rpm
ppc64le: glibc-debuginfo-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm glibc-static-2.17-322.el7_9.ppc64le.rpm
s390x: glibc-debuginfo-2.17-322.el7_9.s390.rpm glibc-debuginfo-2.17-322.el7_9.s390x.rpm glibc-debuginfo-common-2.17-322.el7_9.s390.rpm glibc-debuginfo-common-2.17-322.el7_9.s390x.rpm glibc-static-2.17-322.el7_9.s390.rpm glibc-static-2.17-322.el7_9.s390x.rpm
x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2022:0055
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
- grafana: Snapshot authentication bypass (CVE-2021-39226)
- golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
- nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
- golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
- grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
- grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64
The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x
The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le
The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1808240 - Always return metrics value for pods under the user's namespace
1815189 - feature flagged UI does not always become available after operator installation
1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters
1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly
1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal
1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered
1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback
1880738 - origin e2e test deletes original worker
1882983 - oVirt csi driver should refuse to provision RWX and ROX PV
1886450 - Keepalived router id check not documented for RHV/VMware IPI
1889488 - The metrics endpoint for the Scheduler is not protected by RBAC
1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom
1896474 - Path based routing is broken for some combinations
1897431 - CIDR support for additional network attachment with the bridge CNI plug-in
1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes
1907433 - Excessive logging in image operator
1909906 - The router fails with PANIC error when stats port already in use
1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words
1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting.
1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)
1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource
1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1926522 - oc adm catalog does not clean temporary files
1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes.
1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown
1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users
1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x
1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade
1937085 - RHV UPI inventory playbook missing guarantee_memory
1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion
1938236 - vsphere-problem-detector does not support overriding log levels via storage CR
1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods
1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer
1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]
1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays.
1943363 - [ovn] CNO should gracefully terminate ovn-northd
1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17
1948080 - authentication should not set Available=False APIServices_Error with 503s
1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set
1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0
1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer
1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs
1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container
1955300 - Machine config operator reports unavailable for 23m during upgrade
1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set
1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set
1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
1956496 - Needs SR-IOV Docs Upstream
1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret
1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid
1956964 - upload a boot-source to OpenShift virtualization using the console
1957547 - [RFE]VM name is not auto filled in dev console
1958349 - ovn-controller doesn't release the memory after cluster-density run
1959352 - [scale] failed to get pod annotation: timed out waiting for annotations
1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not
1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]
1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects
1961391 - String updates
1961509 - DHCP daemon pod should have CPU and memory requests set but not limits
1962066 - Edit machine/machineset specs not working
1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
1963053 - oc whoami --show-console should show the web console URL, not the server api URL
1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1964327 - Support containers with name:tag@digest
1964789 - Send keys and disconnect does not work for VNC console
1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7
1966445 - Unmasking a service doesn't work if it masked using MCO
1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead
1966521 - kube-proxy's userspace implementation consumes excessive CPU
1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up
1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount
1970218 - MCO writes incorrect file contents if compression field is specified
1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
1970805 - Cannot create build when docker image url contains dir structure
1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io
1972827 - image registry does not remain available during upgrade
1972962 - Should set the minimum value for the --max-icsp-size flag of oc adm catalog mirror
1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run
1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established
1976301 - [ci] e2e-azure-upi is permafailing
1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change.
1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform
1976894 - Unidling a StatefulSet does not work as expected
1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases
1977414 - Build Config timed out waiting for condition 400: Bad Request
1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus
1978528 - systemd-coredump started and failed intermittently for unknown reasons
1978581 - machine-config-operator: remove runlevel from mco namespace
1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable
1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9
1979966 - OCP builds always fail when run on RHEL7 nodes
1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading
1981549 - Machine-config daemon does not recover from broken Proxy configuration
1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]
1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues
1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page
1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands
1982662 - Workloads - DaemonSets - Add storage: i18n misses
1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "/secrets/encryption-config" on single node clusters
1983758 - upgrades are failing on disruptive tests
1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma"
1984592 - global pull secret not working in OCP4.7.4+ for additional private registries
1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs
1985486 - Cluster Proxy not used during installation on OSP with Kuryr
1985724 - VM Details Page missing translations
1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted
1985933 - Downstream image registry recommendation
1985965 - oVirt CSI driver does not report volume stats
1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding"
1986237 - "MachineNotYetDeleted" in Pending state , alert not fired
1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid"
1986302 - console continues to fetch prometheus alert and silences for normal user
1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI
1986338 - error creating list of resources in Import YAML
1986502 - yaml multi file dnd duplicates previous dragged files
1986819 - fix string typos for hot-plug disks
1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure
1987136 - Declare operatorframework.io/arch. labels for all operators
1987257 - Go-http-client user-agent being used for oc adm mirror requests
1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold
1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP
1988406 - SSH key dropped when selecting "Customize virtual machine" in UI
1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade
1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server"
1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs
1989438 - expected replicas is wrong
1989502 - Developer Catalog is disappearing after short time
1989843 - 'More' and 'Show Less' functions are not translated on several page
1990014 - oc debug does not work for Windows pods
1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created
1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page
1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar
1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI
1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi- symlinks
1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var
1990625 - Ironic agent registers with SLAAC address with privacy-stable
1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time
1991067 - github.com can not be resolved inside pods where cluster is running on openstack.
1991573 - Enable typescript strictNullCheck on network-policies files
1991641 - Baremetal Cluster Operator still Available After Delete Provisioning
1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator
1991819 - Misspelled word "ocurred" in oc inspect cmd
1991942 - Alignment and spacing fixes
1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked
1992453 - The configMap failed to save on VM environment tab
1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab
1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab
1992509 - Could not customize boot source due to source PVC not found
1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines
1992580 - storageProfile should stay with the same value by check/uncheck the apply button
1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply
1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios
1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)
1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing
1994094 - Some hardcodes are detected at the code level in OpenShift console components
1994142 - Missing required cloud config fields for IBM Cloud
1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools
1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart
1995335 - [SCALE] ovnkube CNI: remove ovs flows check
1995493 - Add Secret to workload button and Actions button are not aligned on secret details page
1995531 - Create RDO-based Ironic image to be promoted to OKD
1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator
1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs
1995924 - CMO should report Upgradeable: false when HA workload is incorrectly spread
1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole
1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN
1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down
1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page
1996647 - Provide more useful degraded message in auth operator on DNS errors
1996736 - Large number of 501 lr-policies in INCI2 env
1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes
1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP
1996928 - Enable default operator indexes on ARM
1997028 - prometheus-operator update removes env var support for thanos-sidecar
1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used
1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller.
1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI
1997269 - Have to refresh console to install kube-descheduler
1997478 - Storage operator is not available after reboot cluster instances
1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
1997967 - storageClass is not reserved from default wizard to customize wizard
1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order
1998038 - [e2e][automation] add tests for UI for VM disk hot-plug
1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus
1998174 - Create storageclass gp3-csi after install ocp cluster on aws
1998183 - "r: Bad Gateway" info is improper
1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected
1998377 - Filesystem table head is not full displayed in disk tab
1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory
1998519 - Add fstype when create localvolumeset instance on web console
1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses
1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page
1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable
1999091 - Console update toast notification can appear multiple times
1999133 - removing and recreating static pod manifest leaves pod in error state
1999246 - .indexignore is not ingore when oc command load dc configuration
1999250 - ArgoCD in GitOps operator can't manage namespaces
1999255 - ovnkube-node always crashes out the first time it starts
1999261 - ovnkube-node log spam (and security token leak?)
1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page
1999314 - console-operator is slow to mark Degraded as False once console starts working
1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)
1999556 - "master" pool should be updated before the CVO reports available at the new version occurred
1999578 - AWS EFS CSI tests are constantly failing
1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages
1999619 - cloudinit is malformatted if a user sets a password during VM creation flow
1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow
1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined
1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub)
1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource
1999771 - revert "force cert rotation every couple days for development" in 4.10
1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function
1999796 - Openshift Console Helm tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace.
1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions
1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form
1999983 - No way to clear upload error from template boot source
2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter
2000096 - Git URL is not re-validated on edit build-config form reload
2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig
2000236 - Confusing usage message from dynkeepalived CLI
2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported
2000430 - bump cluster-api-provider-ovirt version in installer
2000450 - 4.10: Enable static PV multi-az test
2000490 - All critical alerts shipped by CMO should have links to a runbook
2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)
2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster
2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled
2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console
2000754 - IPerf2 tests should be lower
2000846 - Structure logs in the entire codebase of Local Storage Operator
2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24
2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM
2000938 - CVO does not respect changes to a Deployment strategy
2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy
2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone
2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole
2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error
2001337 - Details Card in ODF Dashboard mentions OCS
2001339 - fix text content hotplug
2001413 - [e2e][automation] add/delete nic and disk to template
2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log
2001442 - Empty termination.log file for the kube-apiserver has too permissive mode
2001479 - IBM Cloud DNS unable to create/update records
2001566 - Enable alerts for prometheus operator in UWM
2001575 - Clicking on the perspective switcher shows a white page with loader
2001577 - Quick search placeholder is not displayed properly when the search string is removed
2001578 - [e2e][automation] add tests for vm dashboard tab
2001605 - PVs remain in Released state for a long time after the claim is deleted
2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options
2001620 - Cluster becomes degraded if it can't talk to Manila
2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF
2001761 - Unable to apply cluster operator storage for SNO on GCP platform.
2001765 - Some error message in the log of diskmaker-manager caused confusion
2001784 - show loading page before final results instead of showing a transient message No log files exist
2001804 - Reload feature on Environment section in Build Config form does not work properly
2001810 - cluster admin unable to view BuildConfigs in all namespaces
2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well
2001823 - OCM controller must update operator status
2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start
2001835 - Could not select image tag version when create app from dev console
2001855 - Add capacity is disabled for ocs-storagecluster
2001856 - Repeating event: MissingVersion no image found for operand pod
2001959 - Side nav list borders don't extend to edges of container
2002007 - Layout issue on "Something went wrong" page
2002010 - ovn-kube may never attempt to retry a pod creation
2002012 - Cannot change volume mode when cloning a VM from a template
2002027 - Two instances of Dotnet helm chart show as one in topology
2002075 - opm render does not automatically pulling in the image(s) used in the deployments
2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster
2002125 - Network policy details page heading should be updated to Network Policy details
2002133 - [e2e][automation] add support/virtualization and improve deleteResource
2002134 - [e2e][automation] add test to verify vm details tab
2002215 - Multipath day1 not working on s390x
2002238 - Image stream tag is not persisted when switching from yaml to form editor
2002262 - [vSphere] Incorrect user agent in vCenter sessions list
2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector
2002276 - OLM fails to upgrade operators immediately
2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods
2002354 - Missing DU configuration "Done" status reporting during ZTP flow
2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs
2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation
2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN
2002397 - Resources search is inconsistent
2002434 - CRI-O leaks some children PIDs
2002443 - Getting undefined error on create local volume set page
2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy
2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods.
2002559 - User preference for topology list view does not follow when a new namespace is created
2002567 - Upstream SR-IOV worker doc has broken links
2002588 - Change text to be sentence case to align with PF
2002657 - ovn-kube egress IP monitoring is using a random port over the node network
2002713 - CNO: OVN logs should have millisecond resolution
2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event
2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite
2002763 - Two storage systems getting created with external mode RHCS
2002808 - KCM does not use web identity credentials
2002834 - Cluster-version operator does not remove unrecognized volume mounts
2002896 - Incorrect result return when user filter data by name on search page
2002950 - Why spec.containers.command is not created with "oc create deploymentconfig --image= -- "
2003096 - [e2e][automation] check bootsource URL is displaying on review step
2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role
2003120 - CI: Uncaught error with ResizeObserver on operand details page
2003145 - Duplicate operand tab titles causes "two children with the same key" warning
2003164 - OLM, fatal error: concurrent map writes
2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form
2003193 - Kubelet/crio leaks netns and veth ports in the host
2003195 - OVN CNI should ensure host veths are removed
2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images
2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace
2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI
2003244 - Revert libovsdb client code
2003251 - Patternfly components with list element has list item bullet when they should not.
2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI
2003269 - Rejected pods should be filtered from admission regression
2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release
2003426 - [e2e][automation] add test for vm details bootorder
2003496 - [e2e][automation] add test for vm resources requirment settings
2003641 - All metal ipi jobs are failing in 4.10
2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state
2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node
2003683 - Samples operator is panicking in CI
2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page
2003715 - Error on creating local volume set after selection of the volume mode
2003743 - Remove workaround keeping /boot RW for kdump support
2003775 - etcd pod on CrashLoopBackOff after master replacement procedure
2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver
2003792 - Monitoring metrics query graph flyover panel is useless
2003808 - Add Sprint 207 translations
2003845 - Project admin cannot access image vulnerabilities view
2003859 - sdn emits events with garbage messages
2003896 - (release-4.10) ApiRequestCounts conditional gatherer
2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas
2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes
2004059 - [e2e][automation] fix current tests for downstream
2004060 - Trying to use basic spring boot sample causes crash on Firefox
2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection
2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently
2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver
2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory
2004449 - Boot option recovery menu prevents image boot
2004451 - The backup filename displayed in the RecentBackup message is incorrect
2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts
2004508 - TuneD issues with the recent ConfigParser changes.
2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions
2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs
2004578 - Monitoring and node labels missing for an external storage platform
2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days
2004596 - [4.10] Bootimage bump tracker
2004597 - Duplicate ramdisk log containers running
2004600 - Duplicate ramdisk log containers running
2004609 - output of "crictl inspectp" is not complete
2004625 - BMC credentials could be logged if they change
2004632 - When LE takes a large amount of time, multiple whereabouts are seen
2004721 - ptp/worker custom threshold doesn't change ptp events threshold
2004736 - [knative] Create button on new Broker form is inactive despite form being filled
2004796 - [e2e][automation] add test for vm scheduling policy
2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque
2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card
2004901 - [e2e][automation] improve kubevirt devconsole tests
2004962 - Console frontend job consuming too much CPU in CI
2005014 - state of ODF StorageSystem is misreported during installation or uninstallation
2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines
2005179 - pods status filter is not taking effect
2005182 - sync list of deprecated apis about to be removed
2005282 - Storage cluster name is given as title in StorageSystem details page
2005355 - setuptools 58 makes Kuryr CI fail
2005407 - ClusterNotUpgradeable Alert should be set to Severity Info
2005415 - PTP operator with sidecar api configured throws bind: address already in use
2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console
2005554 - The switch status of the button "Show default project" is not revealed correctly in code
2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2005761 - QE - Implementing crw-basic feature file
2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow
2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty
2005854 - SSH NodePort service is created for each VM
2005901 - KS, KCM and KA going Degraded during master nodes upgrade
2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user
2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics
2005971 - Change telemeter to report the Application Services product usage metrics
2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files
2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased
2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types
2006101 - Power off fails for drivers that don't support Soft power off
2006243 - Metal IPI upgrade jobs are running out of disk space
2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address
2006308 - Backing Store YAML tab on click displays a blank screen on UI
2006325 - Multicast is broken across nodes
2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators
2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource
2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception"
2006714 - add retry for etcd errors in kube-apiserver
2006767 - KubePodCrashLooping may not fire
2006803 - Set CoreDNS cache entries for forwarded zones
2006861 - Add Sprint 207 part 2 translations
2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap
2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors
2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded
2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick
2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails
2007271 - CI Integration for Knative test cases
2007289 - kubevirt tests are failing in CI
2007322 - Devfile/Dockerfile import does not work for unsupported git host
2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3.
2007379 - Events are not generated for master offset for ordinary clock
2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace
2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address
2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error
2007522 - No new local-storage-operator-metadata-container is build for 4.10
2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10
2007580 - Azure cilium installs are failing e2e tests
2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10
2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes
2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures
2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow
2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates
2007802 - AWS machine actuator get stuck if machine is completely missing
2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator
2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process
2008151 - Topology breaks on clicking in empty state
2008185 - Console operator go.mod should use go 1.16.version
2008201 - openstack-az job is failing on haproxy idle test
2008207 - vsphere CSI driver doesn't set resource limits
2008223 - gather_audit_logs: fix oc command line to get the current audit profile
2008235 - The Save button in the Edit DC form remains disabled
2008256 - Update Internationalization README with scope info
2008321 - Add correct documentation link for MON_DISK_LOW
2008462 - Disable PodSecurity feature gate for 4.10
2008490 - Backing store details page does not contain all the kebab actions.
2008521 - gcp-hostname service should correct invalid search entries in resolv.conf
2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount
2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror
2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers
2008599 - Azure Stack UPI does not have Internal Load Balancer
2008612 - Plugin asset proxy does not pass through browser cache headers
2008712 - VPA webhook timeout prevents all pods from starting
2008733 - kube-scheduler: exposed /debug/pprof port
2008911 - Prometheus repeatedly scaling prometheus-operator replica set
2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]
2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12
2009055 - Instances of OCS to be replaced with ODF on UI
2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs
2009083 - opm blocks pruning of existing bundles during add
2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances
2009131 - [e2e][automation] add more test about vmi
2009148 - [e2e][automation] test vm nic presets and options
2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator
2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family
2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted
2009384 - UI changes to support BindableKinds CRD changes
2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped
2009424 - Deployment upgrade is failing availability check
2009454 - Change web terminal subscription permissions from get to list
2009465 - container-selinux should come from rhel8-appstream
2009514 - Bump OVS to 2.16-15
2009555 - Supermicro X11 system not booting from vMedia with AI
2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points
2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow
2009699 - Failure to validate flavor RAM
2009754 - Footer is not sticky anymore in import forms
2009785 - CRI-O's version file should be pinned by MCO
2009791 - Installer: ibmcloud ignores install-config values
2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13
2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo
2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests
2009873 - Stale Logical Router Policies and Annotations for a given node
2009879 - There should be test-suite coverage to ensure admin-acks work as expected
2009888 - SRO package name collision between official and community version
2010073 - uninstalling and then reinstalling sriov-network-operator is not working
2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node.
2010181 - Environment variables not getting reset on reload on deployment edit form
2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2010341 - OpenShift Alerting Rules Style-Guide Compliance
2010342 - Local console builds can have out of memory errors
2010345 - OpenShift Alerting Rules Style-Guide Compliance
2010348 - Reverts PIE build mode for K8S components
2010352 - OpenShift Alerting Rules Style-Guide Compliance
2010354 - OpenShift Alerting Rules Style-Guide Compliance
2010359 - OpenShift Alerting Rules Style-Guide Compliance
2010368 - OpenShift Alerting Rules Style-Guide Compliance
2010376 - OpenShift Alerting Rules Style-Guide Compliance
2010662 - Cluster is unhealthy after image-registry-operator tests
2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)
2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API
2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address
2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing
2010864 - Failure building EFS operator
2010910 - ptp worker events unable to identify interface for multiple interfaces
2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24
2010921 - Azure Stack Hub does not handle additionalTrustBundle
2010931 - SRO CSV uses non default category "Drivers and plugins"
2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well.
2011038 - optional operator conditions are confusing
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass
2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's
2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image
2011368 - Tooltip in pipeline visualization shows misleading data
2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels
2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards
2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster
2011513 - Kubelet rejects pods that use resources that should be freed by completed pods
2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine"
2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented
2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore
2011733 - Repository README points to broken documentarion link
2011753 - Ironic resumes clean before raid configuration job is actually completed
2011809 - The nodes page in the openshift console doesn't work. You just get a blank page
2011822 - Obfuscation doesn't work at clusters with OVN
2011882 - SRO helm charts not synced with templates
2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot
2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages
2011903 - vsphere-problem-detector: session leak
2011927 - OLM should allow users to specify a proxy for GRPC connections
2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods
2011960 - [tracker] Storage operator is not available after reboot cluster instances
2011971 - ICNI2 pods are stuck in ContainerCreating state
2011972 - Ingress operator not creating wildcard route for hypershift clusters
2011977 - SRO bundle references non-existent image
2012069 - Refactoring Status controller
2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI
2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group
2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)"
2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig
2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off
2012407 - [e2e][automation] improve vm tab console tests
2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label
2012562 - migration condition is not detected in list view
2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written
2012780 - The port 50936 used by haproxy is occupied by kube-apiserver
2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working
2012902 - Neutron Ports assigned to Completed Pods are not reused Edit
2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack
2012971 - Disable operands deletes
2013034 - Cannot install to openshift-nmstate namespace
2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)
2013199 - post reboot of node SRIOV policy taking huge time
2013203 - UI breaks when trying to create block pool before storage cluster/system creation
2013222 - Full breakage for nightly payload promotion
2013273 - Nil pointer exception when phc2sys options are missing
2013321 - TuneD: high CPU utilization of the TuneD daemon.
2013416 - Multiple assets emit different content to the same filename
2013431 - Application selector dropdown has incorrect font-size and positioning
2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8
2013545 - Service binding created outside topology is not visible
2013599 - Scorecard support storage is not included in ocp4.9
2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)
2013646 - fsync controller will show false positive if gaps in metrics are observed.
2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default
2013751 - Service details page is showing wrong in-cluster hostname
2013787 - There are two tittle 'Network Attachment Definition Details' on NAD details page
2013871 - Resource table headings are not aligned with their column data
2013895 - Cannot enable accelerated network via MachineSets on Azure
2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude"
2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)
2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain
2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)
2013996 - Project detail page: Action "Delete Project" does nothing for the default project
2014071 - Payload imagestream new tags not properly updated during cluster upgrade
2014153 - SRIOV exclusive pooling
2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace
2014238 - AWS console test is failing on importing duplicate YAML definitions
2014245 - Several aria-labels, external links, and labels aren't internationalized
2014248 - Several files aren't internationalized
2014352 - Could not filter out machine by using node name on machines page
2014464 - Unexpected spacing/padding below navigation groups in developer perspective
2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages
2014486 - Integration Tests: OLM single namespace operator tests failing
2014488 - Custom operator cannot change orders of condition tables
2014497 - Regex slows down different forms and creates too much recursion errors in the log
2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id'
2014614 - Metrics scraping requests should be assigned to exempt priority level
2014710 - TestIngressStatus test is broken on Azure
2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly
2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile
2015115 - [RFE] PCI passthrough
2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter
2015154 - Support ports defined networks and primarySubnet
2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic
2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production
2015386 - Possibility to add labels to the built-in OCP alerts
2015395 - Table head on Affinity Rules modal is not fully expanded
2015416 - CI implementation for Topology plugin
2015418 - Project Filesystem query returns No datapoints found
2015420 - No vm resource in project view's inventory
2015422 - No conflict checking on snapshot name
2015472 - Form and YAML view switch button should have distinguishable status
2015481 - [4.10] sriov-network-operator daemon pods are failing to start
2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting
2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English
2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click
2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu
2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain.
2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English
2015549 - Observe - Metrics: Column heading and pagination text is in English
2015557 - Workloads - DeploymentConfigs : Error message is in English
2015568 - Compute - Nodes : CPU column's values are in English
2015635 - Storage operator fails causing installation to fail on ASH
2015660 - "Finishing boot source customization" screen should not use term "patched"
2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node
2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin
2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning
2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud
2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch
2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail
2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)
2016008 - [4.10] Bootimage bump tracker
2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver
2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator
2016054 - No e2e CI presubmit configured for release component cluster-autoscaler
2016055 - No e2e CI presubmit configured for release component console
2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8"
2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager
2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers
2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters.
2016179 - Add Sprint 208 translations
2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager
2016235 - should update to 7.5.11 for grafana resources version label
2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails
2016334 - shiftstack: SRIOV nic reported as not supported
2016352 - Some pods start before CA resources are present
2016367 - Empty task box is getting created for a pipeline without finally task
2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts
2016438 - Feature flag gating is missing in few extensions contributed via knative plugin
2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc
2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets
2016453 - Complete i18n for GaugeChart defaults
2016479 - iface-id-ver is not getting updated for existing lsp
2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear
2016951 - dynamic actions list is not disabling "open console" for stopped vms
2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available
2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances
2017016 - [REF] Virtualization menu
2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn
2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly
2017130 - t is not a function error navigating to details page
2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue
2017244 - ovirt csi operator static files creation is in the wrong order
2017276 - [4.10] Volume mounts not created with the correct security context
2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed.
2017427 - NTO does not restart TuneD daemon when profile application is taking too long
2017535 - Broken Argo CD link image on GitOps Details Page
2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references
2017564 - On-prem prepender dispatcher script overwrites DNS search settings
2017565 - CCMO does not handle additionalTrustBundle on Azure Stack
2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice
2017606 - [e2e][automation] add test to verify send key for VNC console
2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes
2017656 - VM IP address is "undefined" under VM details -> ssh field
2017663 - SSH password authentication is disabled when public key is not supplied
2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP
2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set
2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource
2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults
2017761 - [e2e][automation] dummy bug for 4.9 test dependency
2017872 - Add Sprint 209 translations
2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances
2017879 - Add Chinese translation for "alternate"
2017882 - multus: add handling of pod UIDs passed from runtime
2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods
2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI
2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS
2018094 - the tooltip length is limited
2018152 - CNI pod is not restarted when It cannot start servers due to ports being used
2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time
2018234 - user settings are saved in local storage instead of on cluster
2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?)
2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)
2018275 - Topology graph doesn't show context menu for Export CSV
2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked
2018380 - Migrate docs links to access.redhat.com
2018413 - Error: context deadline exceeded, OCP 4.8.9
2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked
2018445 - [e2e][automation] enhance tests for downstream
2018446 - [e2e][automation] move tests to different level
2018449 - [e2e][automation] add test about create/delete network attachment definition
2018490 - [4.10] Image provisioning fails with file name too long
2018495 - Fix typo in internationalization README
2018542 - Kernel upgrade does not reconcile DaemonSet
2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit
2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes
2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950
2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10
2018985 - The rootdisk size is 15Gi of windows VM in customize wizard
2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync.
2019096 - Update SRO leader election timeout to support SNO
2019129 - SRO in operator hub points to wrong repo for README
2019181 - Performance profile does not apply
2019198 - ptp offset metrics are not named according to the log output
2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest
2019284 - Stop action should not in the action list while VMI is not running
2019346 - zombie processes accumulation and Argument list too long
2019360 - [RFE] Virtualization Overview page
2019452 - Logger object in LSO appends to existing logger recursively
2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect
2019634 - Pause and migration is enabled in action list for a user who has view only permission
2019636 - Actions in VM tabs should be disabled when user has view only permission
2019639 - "Take snapshot" should be disabled while VM image is still been importing
2019645 - Create button is not removed on "Virtual Machines" page for view only user
2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user
2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user
2019717 - cant delete VM with un-owned pvc attached
2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass
2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always"
2019744 - [RFE] Suggest users to download newest RHEL 8 version
2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level
2019827 - Display issue with top-level menu items running demo plugin
2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded
2019886 - Kuryr unable to finish ports recovery upon controller restart
2019948 - [RFE] Restructring Virtualization links
2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster
2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout
2019986 - Dynamic demo plugin fails to build
2019992 - instance:node_memory_utilisation:ratio metric is incorrect
2020001 - Update dockerfile for demo dynamic plugin to reflect dir change
2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation.
2020107 - cluster-version-operator: remove runlevel from CVO namespace
2020153 - Creation of Windows high performance VM fails
2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public
2020250 - Replacing deprecated ioutil
2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build
2020275 - ClusterOperators link in console returns blank page during upgrades
2020377 - permissions error while using tcpdump option with must-gather
2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined
2020498 - "Show PromQL" button is disabled
2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature
2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI
2020664 - DOWN subports are not cleaned up
2020904 - When trying to create a connection from the Developer view between VMs, it fails
2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana
2021017 - 404 page not found error on knative eventing page
2021031 - QE - Fix the topology CI scripts
2021048 - [RFE] Added MAC Spoof check
2021053 - Metallb operator presented as community operator
2021067 - Extensive number of requests from storage version operator in cluster
2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes
2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass
2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node
2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating
2021152 - imagePullPolicy is "Always" for ptp operator images
2021191 - Project admins should be able to list available network attachment defintions
2021205 - Invalid URL in git import form causes validation to not happen on URL change
2021322 - cluster-api-provider-azure should populate purchase plan information
2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind
2021364 - Installer requires invalid AWS permission s3:GetBucketReplication
2021400 - Bump documentationBaseURL to 4.10
2021405 - [e2e][automation] VM creation wizard Cloud Init editor
2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected
2021466 - [e2e][automation] Windows guest tool mount
2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver
2021551 - Build is not recognizing the USER group from an s2i image
2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character
2021629 - api request counts for current hour are incorrect
2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page
2021693 - Modals assigned modal-lg class are no longer the correct width
2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines
2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled
2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags
2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem
2022053 - dpdk application with vhost-net is not able to start
2022114 - Console logging every proxy request
2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent)
2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long
2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error .
2022447 - ServiceAccount in manifests conflicts with OLM
2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules.
2022509 - getOverrideForManifest does not check manifest.GVK.Group
2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache
2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard
2022627 - Machine object not picking up external FIP added to an openstack vm
2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:'
2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox
2022801 - Add Sprint 210 translations
2022811 - Fix kubelet log rotation file handle leak
2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations
2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests
2022880 - Pipeline renders with minor visual artifact with certain task dependencies
2022886 - Incorrect URL in operator description
2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config
2023060 - [e2e][automation] Windows VM with CDROM migration
2023077 - [e2e][automation] Home Overview Virtualization status
2023090 - [e2e][automation] Examples of Import URL for VM templates
2023102 - [e2e][automation] Cloudinit disk of VM from custom template
2023216 - ACL for a deleted egressfirewall still present on node join switch
2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9
2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy
2023342 - SCC admission should take ephemeralContainers into account
2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden)
2023434 - Update Azure Machine Spec API to accept Marketplace Images
2023500 - Latency experienced while waiting for volumes to attach to node
2023522 - can't remove package from index: database is locked
2023560 - "Network Attachment Definitions" has no project field on the top in the list view
2023592 - [e2e][automation] add mac spoof check for nad
2023604 - ACL violation when deleting a provisioning-configuration resource
2023607 - console returns blank page when normal user without any projects visit Installed Operators page
2023638 - Downgrade support level for extended control plane integration to Dev Preview
2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10
2023675 - Changing CNV Namespace
2023779 - Fix Patch 104847 in 4.9
2023781 - initial hardware devices is not loading in wizard
2023832 - CCO updates lastTransitionTime for non-Status changes
2023839 - Bump recommended FCOS to 34.20211031.3.0
2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly
2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository
2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8
2024055 - External DNS added extra prefix for the TXT record
2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully
2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json
2024199 - 400 Bad Request error for some queries for the non admin user
2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode
2024262 - Sample catalog is not displayed when one API call to the backend fails
2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability
2024316 - modal about support displays wrong annotation
2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected
2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page
2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view
2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined
2024515 - test-blocker: Ceph-storage-plugin tests failing
2024535 - hotplug disk missing OwnerReference
2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image
2024547 - Detail page is breaking for namespace store , backing store and bucket class.
2024551 - KMS resources not getting created for IBM FlashSystem storage
2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel
2024613 - pod-identity-webhook starts without tls
2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded
2024665 - Bindable services are not shown on topology
2024731 - linuxptp container: unnecessary checking of interfaces
2024750 - i18n some remaining OLM items
2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured
2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack
2024841 - test Keycloak with latest tag
2024859 - Not able to deploy an existing image from private image registry using developer console
2024880 - Egress IP breaks when network policies are applied
2024900 - Operator upgrade kube-apiserver
2024932 - console throws "Unauthorized" error after logging out
2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up
2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick
2025230 - ClusterAutoscalerUnschedulablePods should not be a warning
2025266 - CreateResource route has exact prop which need to be removed
2025301 - [e2e][automation] VM actions availability in different VM states
2025304 - overwrite storage section of the DV spec instead of the pvc section
2025431 - [RFE]Provide specific windows source link
2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36
2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node
2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local
2025481 - Update VM Snapshots UI
2025488 - [DOCS] Update the doc for nmstate operator installation
2025592 - ODC 4.9 supports invalid devfiles only
2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings"
2025767 - VMs orphaned during machineset scaleup
2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard
2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku.
2025821 - Make "Network Attachment Definitions" available to regular user
2025823 - The console nav bar ignores plugin separator in existing sections
2025830 - CentOS capitalizaion is wrong
2025837 - Warn users that the RHEL URL expire
2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-
2025903 - [UI] RoleBindings tab doesn't show correct rolebindings
2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2026178 - OpenShift Alerting Rules Style-Guide Compliance
2026209 - Updation of task is getting failed (tekton hub integration)
2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io"
2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates
2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct
2026352 - Kube-Scheduler revision-pruner fail during install of new cluster
2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment
2026383 - Error when rendering custom Grafana dashboard through ConfigMap
2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation
2026396 - Cachito Issues: sriov-network-operator Image build failure
2026488 - openshift-controller-manager - delete event is repeating pathologically
2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined.
2026560 - Cluster-version operator does not remove unrecognized volume mounts
2026699 - fixed a bug with missing metadata
2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator
2026898 - Description/details are missing for Local Storage Operator
2027132 - Use the specific icon for Fedora and CentOS template
2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend
2027272 - KubeMemoryOvercommit alert should be human readable
2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group
2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue)
2027299 - The status of checkbox component is not revealed correctly in code
2027311 - K8s watch hooks do not work when fetching core resources
2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation
2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images
2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation
2027498 - [IBMCloud] SG Name character length limitation
2027501 - [4.10] Bootimage bump tracker
2027524 - Delete Application doesn't delete Channels or Brokers
2027563 - e2e/add-flow-ci.feature fix accessibility violations
2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges
2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions
2027685 - openshift-cluster-csi-drivers pods crashing on PSI
2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced
2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string
2027917 - No settings in hostfirmwaresettings and schema objects for masters
2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf
2027982 - nncp stucked at ConfigurationProgressing
2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters
2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed
2028030 - Panic detected in cluster-image-registry-operator pod
2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found"
2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9
2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin
2028141 - Console tests doesn't pass on Node.js 15 and 16
2028160 - Remove i18nKey in network-policy-peer-selectors.tsx
2028162 - Add Sprint 210 translations
2028170 - Remove leading and trailing whitespace
2028174 - Add Sprint 210 part 2 translations
2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it
2028217 - Cluster-version operator does not default Deployment replicas to one
2028240 - Multiple CatalogSources causing higher CPU use than necessary
2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings
2028325 - disableDrain should be set automatically on SNO
2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel
2028531 - Missing netFilter to the list of parameters when platform is OpenStack
2028610 - Installer doesn't retry on GCP rate limiting
2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting
2028695 - destroy cluster does not prune bootstrap instance profile
2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs
2028802 - CRI-O panic due to invalid memory address or nil pointer dereference
2028816 - VLAN IDs not released on failures
2028881 - Override not working for the PerformanceProfile template
2028885 - Console should show an error context if it logs an error object
2028949 - Masthead dropdown item hover text color is incorrect
2028963 - Whereabouts should reconcile stranded IP addresses
2029034 - enabling ExternalCloudProvider leads to inoperative cluster
2029178 - Create VM with wizard - page is not displayed
2029181 - Missing CR from PGT
2029273 - wizard is not able to use if project field is "All Projects"
2029369 - Cypress tests github rate limit errors
2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out
2029394 - missing empty text for hardware devices at wizard review
2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used
2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl
2029521 - EFS CSI driver cannot delete volumes under load
2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle
2029579 - Clicking on an Application which has a Helm Release in it causes an error
2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE
2029645 - Sync upstream 1.15.0 downstream
2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing
2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip
2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage
2029785 - CVO panic when an edge is included in both edges and conditionaledges
2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)
2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error
2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace
2030228 - Fix StorageSpec resources field to use correct API
2030229 - Mirroring status card reflect wrong data
2030240 - Hide overview page for non-privileged user
2030305 - Export App job do not completes
2030347 - kube-state-metrics exposes metrics about resource annotations
2030364 - Shared resource CSI driver monitoring is not setup correctly
2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets
2030534 - Node selector/tolerations rules are evaluated too early
2030539 - Prometheus is not highly available
2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing
2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation
2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates.
2030677 - BOND CNI: There is no option to configure MTU on a Bond interface
2030692 - NPE in PipelineJobListener.upsertWorkflowJob
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2030847 - PerformanceProfile API version should be v2
2030961 - Customizing the OAuth server URL does not apply to upgraded cluster
2031006 - Application name input field is not autofocused when user selects "Create application"
2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex
2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started
2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue
2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip
2031060 - Failing CSR Unit test due to expired test certificate
2031085 - ovs-vswitchd running more threads than expected
2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1
2031228 - CVE-2021-43813 grafana: directory traversal vulnerability
2031502 - [RFE] New common templates crash the ui
2031685 - Duplicated forward upstreams should be removed from the dns operator
2031699 - The displayed ipv6 address of a dns upstream should be case sensitive
2031797 - [RFE] Order and text of Boot source type input are wrong
2031826 - CI tests needed to confirm driver-toolkit image contents
2031831 - OCP Console - Global CSS overrides affecting dynamic plugins
2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional
2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)
2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)
2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself
2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource
2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64
2032141 - open the alertrule link in new tab, got empty page
2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy
2032296 - Cannot create machine with ephemeral disk on Azure
2032407 - UI will show the default openshift template wizard for HANA template
2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded
2032421 - [RFE] UI integration with automatic updated images
2032516 - Not able to import git repo with .devfile.yaml
2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource
2032547 - hardware devices table have filter when table is empty
2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool
2032566 - Cluster-ingress-router does not support Azure Stack
2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso
2032589 - DeploymentConfigs ignore resolve-names annotation
2032732 - Fix styling conflicts due to recent console-wide CSS changes
2032831 - Knative Services and Revisions are not shown when Service has no ownerReference
2032851 - Networking is "not available" in Virtualization Overview
2032926 - Machine API components should use K8s 1.23 dependencies
2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24
2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster
2033013 - Project dropdown in user preferences page is broken
2033044 - Unable to change import strategy if devfile is invalid
2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable
2033111 - IBM VPC operator library bump removed global CLI args
2033138 - "No model registered for Templates" shows on customize wizard
2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected
2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected
2033257 - unable to use configmap for helm charts
2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered
2033290 - Product builds for console are failing
2033382 - MAPO is missing machine annotations
2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations
2033403 - Devfile catalog does not show provider information
2033404 - Cloud event schema is missing source type and resource field is using wrong value
2033407 - Secure route data is not pre-filled in edit flow form
2033422 - CNO not allowing LGW conversion from SGW in runtime
2033434 - Offer darwin/arm64 oc in clidownloads
2033489 - CCM operator failing on baremetal platform
2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver
2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains
2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady
2033538 - Gather Cost Management Metrics Custom Resource
2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined
2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page
2033634 - list-style-type: disc is applied to the modal dropdowns
2033720 - Update samples in 4.10
2033728 - Bump OVS to 2.16.0-33
2033729 - remove runtime request timeout restriction for azure
2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended
2033749 - Azure Stack Terraform fails without Local Provider
2033750 - Local volume should pull multi-arch image for kube-rbac-proxy
2033751 - Bump kubernetes to 1.23
2033752 - make verify fails due to missing yaml-patch
2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource
2034004 - [e2e][automation] add tests for VM snapshot improvements
2034068 - [e2e][automation] Enhance tests for 4.10 downstream
2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore
2034097 - [OVN] After edit EgressIP object, the status is not correct
2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning
2034129 - blank page returned when clicking 'Get started' button
2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0
2034153 - CNO does not verify MTU migration for OpenShiftSDN
2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled
2034170 - Use function.knative.dev for Knative Functions related labels
2034190 - unable to add new VirtIO disks to VMs
2034192 - Prometheus fails to insert reporting metrics when the sample limit is met
2034243 - regular user cant load template list
2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version"
2034248 - GPU/Host device modal is too small
2034257 - regular user Create VM missing permissions alert
2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]
2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere
2034300 - Du validator policy is NonCompliant after DU configuration completed
2034319 - Negation constraint is not validating packages
2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology
2034350 - The CNO should implement the Whereabouts IP reconciliation cron job
2034362 - update description of disk interface
2034398 - The Whereabouts IPPools CRD should include the podref field
2034409 - Default CatalogSources should be pointing to 4.10 index images
2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics
2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode
2034460 - Summary: cloud-network-config-controller does not account for different environment
2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true
2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly
2034493 - Change cluster version operator log level
2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list
2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6
2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer
2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART
2034537 - Update team
2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds
2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success
2034577 - Current OVN gateway mode should be reflected on node annotation as well
2034621 - context menu not popping up for application group
2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10
2034624 - Warn about unsupported CSI driver in vsphere operator
2034647 - missing volumes list in snapshot modal
2034648 - Rebase openshift-controller-manager to 1.23
2034650 - Rebase openshift/builder to 1.23
2034705 - vSphere: storage e2e tests logging configuration data
2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail.
2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment
2034785 - ptpconfig with summary_interval cannot be applied
2034823 - RHEL9 should be starred in template list
2034838 - An external router can inject routes if no service is added
2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent
2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty
2034881 - Cloud providers components should use K8s 1.23 dependencies
2034884 - ART cannot build the image because it tries to download controller-gen
2034889 - oc adm prune deployments does not work
2034898 - Regression in recently added Events feature
2034957 - update openshift-apiserver to kube 1.23.1
2035015 - ClusterLogForwarding CR remains stuck remediating forever
2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster
2035141 - [RFE] Show GPU/Host devices in template's details tab
2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC
2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting
2035199 - IPv6 support in mtu-migration-dispatcher.yaml
2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing
2035250 - Peering with ebgp peer over multi-hops doesn't work
2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices
2035315 - invalid test cases for AWS passthrough mode
2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env
2035321 - Add Sprint 211 translations
2035326 - [ExternalCloudProvider] installation with additional network on workers fails
2035328 - Ccoctl does not ignore credentials request manifest marked for deletion
2035333 - Kuryr orphans ports on 504 errors from Neutron
2035348 - Fix two grammar issues in kubevirt-plugin.json strings
2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets
2035409 - OLM E2E test depends on operator package that's no longer published
2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address
2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1'
2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster
2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page
2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers
2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class
2035602 - [e2e][automation] add tests for Virtualization Overview page cards
2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly
2035704 - RoleBindings list page filter doesn't apply
2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing.
2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed
2035772 - AccessMode and VolumeMode is not reserved for customize wizard
2035847 - Two dashes in the Cronjob / Job pod name
2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml
2035882 - [BIOS setting values] Create events for all invalid settings in spec
2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests”
2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen
2035927 - Cannot enable HighNodeUtilization scheduler profile
2035933 - volume mode and access mode are empty in customize wizard review tab
2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods
2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation
2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error
2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential
2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend
2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes
2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23
2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23
2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments
2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists
2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected
2036826 - oc adm prune deployments can prune the RC/RS
2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform
2036861 - kube-apiserver is degraded while enable multitenant
2036937 - Command line tools page shows wrong download ODO link
2036940 - oc registry login fails if the file is empty or stdout
2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container
2036989 - Route URL copy to clipboard button wraps to a separate line by itself
2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters
2036993 - Machine API components should use Go lang version 1.17
2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log.
2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api
2037073 - Alertmanager container fails to start because of startup probe never being successful
2037075 - Builds do not support CSI volumes
2037167 - Some log level in ibm-vpc-block-csi-controller are hard code
2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles
2037182 - PingSource badge color is not matched with knativeEventing color
2037203 - "Running VMs" card is too small in Virtualization Overview
2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly
2037237 - Add "This is a CD-ROM boot source" to customize wizard
2037241 - default TTL for noobaa cache buckets should be 0
2037246 - Cannot customize auto-update boot source
2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately
2037288 - Remove stale image reference
2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources
2037483 - Rbacs for Pods within the CBO should be more restrictive
2037484 - Bump dependencies to k8s 1.23
2037554 - Mismatched wave number error message should include the wave numbers that are in conflict
2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]
2037635 - impossible to configure custom certs for default console route in ingress config
2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8
2037638 - Builds do not support CSI volumes as volume sources
2037664 - text formatting issue in Installed Operators list table
2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037801 - Serverless installation is failing on CI jobs for e2e tests
2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format
2037856 - use lease for leader election
2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10
2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests
2037904 - upgrade operator deployment failed due to memory limit too low for manager container
2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]
2038034 - non-privileged user cannot see auto-update boot source
2038053 - Bump dependencies to k8s 1.23
2038088 - Remove ipa-downloader references
2038160 - The default project missed the annotation : openshift.io/node-selector: ""
2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional
2038196 - must-gather is missing collecting some metal3 resources
2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)
2038253 - Validator Policies are long lived
2038272 - Failures to build a PreprovisioningImage are not reported
2038384 - Azure Default Instance Types are Incorrect
2038389 - Failing test: [sig-arch] events should not repeat pathologically
2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket
2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips
2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained
2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect
2038663 - update kubevirt-plugin OWNERS
2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new"
2038705 - Update ptp reviewers
2038761 - Open Observe->Targets page, wait for a while, page become blank
2038768 - All the filters on the Observe->Targets page can't work
2038772 - Some monitors failed to display on Observe->Targets page
2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node
2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces
2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard
2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation
2038864 - E2E tests fail because multi-hop-net was not created
2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console
2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured
2038968 - Move feature gates from a carry patch to openshift/api
2039056 - Layout issue with breadcrumbs on API explorer page
2039057 - Kind column is not wide enough in API explorer page
2039064 - Bulk Import e2e test flaking at a high rate
2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled
2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters
2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost
2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy
2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator
2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade
2039227 - Improve image customization server parameter passing during installation
2039241 - Improve image customization server parameter passing during installation
2039244 - Helm Release revision history page crashes the UI
2039294 - SDN controller metrics cannot be consumed correctly by prometheus
2039311 - oc Does Not Describe Build CSI Volumes
2039315 - Helm release list page should only fetch secrets for deployed charts
2039321 - SDN controller metrics are not being consumed by prometheus
2039330 - Create NMState button doesn't work in OperatorHub web console
2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations
2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters.
2039359 - oc adm prune deployments can't prune the RS where the associated Deployment no longer exists
2039382 - gather_metallb_logs does not have execution permission
2039406 - logout from rest session after vsphere operator sync is finished
2039408 - Add GCP region northamerica-northeast2 to allowed regions
2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration
2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment
2039491 - oc - git:// protocol used in unit tests
2039516 - Bump OVN to ovn21.12-21.12.0-25
2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate
2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled
2039541 - Resolv-prepender script duplicating entries
2039586 - [e2e] update centos8 to centos stream8
2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty
2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3'
2039670 - Create PDBs for control plane components
2039678 - Page goes blank when create image pull secret
2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported
2039743 - React missing key warning when open operator hub detail page (and maybe others as well)
2039756 - React missing key warning when open KnativeServing details
2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab
2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard
2039781 - [GSS] OBC is not visible by admin of a Project on Console
2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector
2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled
2039880 - Log level too low for control plane metrics
2039919 - Add E2E test for router compression feature
2039981 - ZTP for standard clusters installs stalld on master nodes
2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead
2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced
2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message
2040150 - Update ConfigMap keys for IBM HPCS
2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth
2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository
2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp
2040376 - "unknown instance type" error for supported m6i.xlarge instance
2040394 - Controller: enqueue the failed configmap till services update
2040467 - Cannot build ztp-site-generator container image
2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4
2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps
2040535 - Auto-update boot source is not available in customize wizard
2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name
2040603 - rhel worker scaleup playbook failed because missing some dependency of podman
2040616 - rolebindings page doesn't load for normal users
2040620 - [MAPO] Error pulling MAPO image on installation
2040653 - Topology sidebar warns that another component is updated while rendering
2040655 - User settings update fails when selecting application in topology sidebar
2040661 - Different react warnings about updating state on unmounted components when leaving topology
2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation
2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi
2040694 - Three upstream HTTPClientConfig struct fields missing in the operator
2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers
2040710 - cluster-baremetal-operator cannot update BMC subscription CR
2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms
2040782 - Import YAML page blocks input with more then one generateName attribute
2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute
2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator
2040793 - Fix snapshot e2e failures
2040880 - do not block upgrades if we can't connect to vcenter
2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10
2041093 - autounattend.xml missing
2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates
2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped"
2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23
2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller
2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener
2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud
2041466 - Kubedescheduler version is missing from the operator logs
2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses
2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)
2041492 - Spacing between resources in inventory card is too small
2041509 - GCP Cloud provider components should use K8s 1.23 dependencies
2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook
2041541 - audit: ManagedFields are dropped using API not annotation
2041546 - ovnkube: set election timer at RAFT cluster creation time
2041554 - use lease for leader election
2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected"
2041583 - etcd and api server cpu mask interferes with a guaranteed workload
2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure
2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation
2041620 - bundle CSV alm-examples does not parse
2041641 - Fix inotify leak and kubelet retaining memory
2041671 - Delete templates leads to 404 page
2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category
2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled
2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint
2041763 - The Observe > Alerting pages no longer have their default sort order applied
2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken
2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied
2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster
2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases
2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist
2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen
2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile
2041999 - [PROXY] external dns pod cannot recognize custom proxy CA
2042001 - unexpectedly found multiple load balancers
2042029 - kubedescheduler fails to install completely
2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters
2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs
2042059 - update discovery burst to reflect lots of CRDs on openshift clusters
2042069 - Revert toolbox to rhcos-toolbox
2042169 - Can not delete egressnetworkpolicy in Foreground propagation
2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool
2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud
2042274 - Storage API should be used when creating a PVC
2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection
2042366 - Lifecycle hooks should be independently managed
2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway
2042382 - [e2e][automation] CI takes more then 2 hours to run
2042395 - Add prerequisites for active health checks test
2042438 - Missing rpms in openstack-installer image
2042466 - Selection does not happen when switching from Topology Graph to List View
2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver
2042567 - insufficient info on CodeReady Containers configuration
2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk
2042619 - Overview page of the console is broken for hypershift clusters
2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running
2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud
2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud
2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly
2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)
2042851 - Create template from SAP HANA template flow - VM is created instead of a new template
2042906 - Edit machineset with same machine deletion hook name succeed
2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal"
2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways'
2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
2043043 - Cluster Autoscaler should use K8s 1.23 dependencies
2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)
2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects".
2043117 - Recommended operators links are erroneously treated as external
2043130 - Update CSI sidecars to the latest release for 4.10
2043234 - Missing validation when creating several BGPPeers with the same peerAddress
2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler
2043254 - crio does not bind the security profiles directory
2043296 - Ignition fails when reusing existing statically-keyed LUKS volume
2043297 - [4.10] Bootimage bump tracker
2043316 - RHCOS VM fails to boot on Nutanix AOS
2043446 - Rebase aws-efs-utils to the latest upstream version.
2043556 - Add proper ci-operator configuration to ironic and ironic-agent images
2043577 - DPU network operator
2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator
2043675 - Too many machines deleted by cluster autoscaler when scaling down
2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation
2043709 - Logging flags no longer being bound to command line
2043721 - Installer bootstrap hosts using outdated kubelet containing bugs
2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather
2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23
2043780 - Bump router to k8s.io/api 1.23
2043787 - Bump cluster-dns-operator to k8s.io/api 1.23
2043801 - Bump CoreDNS to k8s.io/api 1.23
2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown
2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected.
2044201 - Templates golden image parameters names should be supported
2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]
2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied"
2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects
2044347 - Bump to kubernetes 1.23.3
2044481 - collect sharedresource cluster scoped instances with must-gather
2044496 - Unable to create hardware events subscription - failed to add finalizers
2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
2044680 - Additional libovsdb performance and resource consumption fixes
2044704 - Observe > Alerting pages should not show runbook links in 4.10
2044717 - [e2e] improve tests for upstream test environment
2044724 - Remove namespace column on VM list page when a project is selected
2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff
2044808 - machine-config-daemon-pull.service: use cp instead of cat when extracting MCD in OKD
2045024 - CustomNoUpgrade alerts should be ignored
2045112 - vsphere-problem-detector has missing rbac rules for leases
2045199 - SnapShot with Disk Hot-plug hangs
2045561 - Cluster Autoscaler should use the same default Group value as Cluster API
2045591 - Reconciliation of aws pod identity mutating webhook did not happen
2045849 - Add Sprint 212 translations
2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10
2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin
2045916 - [IBMCloud] Default machine profile in installer is unreliable
2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment
2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify
2046137 - oc output for unknown commands is not human readable
2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance
2046297 - Bump DB reconnect timeout
2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations
2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors
2046626 - Allow setting custom metrics for Ansible-based Operators
2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud
2047025 - Installation fails because of Alibaba CSI driver operator is degraded
2047190 - Bump Alibaba CSI driver for 4.10
2047238 - When using communities and localpreferences together, only localpreference gets applied
2047255 - alibaba: resourceGroupID not found
2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions
2047317 - Update HELM OWNERS files under Dev Console
2047455 - [IBM Cloud] Update custom image os type
2047496 - Add image digest feature
2047779 - do not degrade cluster if storagepolicy creation fails
2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2047929 - use lease for leader election
2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services
2048048 - Application tab in User Preferences dropdown menus are too wide.
2048050 - Topology list view items are not highlighted on keyboard navigation
2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value
2048413 - Bond CNI: Failed to attach Bond NAD to pod
2048443 - Image registry operator panics when finalizes config deletion
2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*
2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt
2048598 - Web terminal view is broken
2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure
2048891 - Topology page is crashed
2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class
2049043 - Cannot create VM from template
2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2049886 - Placeholder bug for OCP 4.10.0 metadata release
2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning
2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2
2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0
2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension'
2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]
2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members
2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes
2050370 - alert data for burn budget needs to be updated to prevent regression
2050393 - ZTP missing support for local image registry and custom machine config
2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud
2050737 - Remove metrics and events for master port offsets
2050801 - Vsphere upi tries to access vsphere during manifests generation phase
2050883 - Logger object in LSO does not log source location accurately
2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit
2052062 - Whereabouts should implement client-go 1.22+
2052125 - [4.10] Crio appears to be coredumping in some scenarios
2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config
2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade.
2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests
2052598 - kube-scheduler should use configmap lease
2052599 - kube-controller-manger should use configmap lease
2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh
2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total not valid
2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop
2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set.
2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1
2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch
2052756 - [4.10] PVs are not being cleaned up after PVC deletion
2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index
2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format"
2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs
2053268 - inability to detect static lifecycle failure
2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates
2053323 - OpenShift-Ansible BYOH Unit Tests are Broken
2053339 - Remove dev preview badge from IBM FlashSystem deployment windows
2053751 - ztp-site-generate container is missing convenience entrypoint
2053945 - [4.10] Failed to apply sriov policy on intel nics
2054109 - Missing "app" label
2054154 - RoleBinding in project without subject is causing "Project access" page to fail
2054244 - Latest pipeline run should be listed on the top of the pipeline run list
2054288 - console-master-e2e-gcp-console is broken
2054562 - DPU network operator 4.10 branch need to sync with master
2054897 - Unable to deploy hw-event-proxy operator
2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently
2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line
2055371 - Remove Check which enforces summary_interval must match logSyncInterval
2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11
2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API
2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured
2056479 - ovirt-csi-driver-node pods are crashing intermittently
2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope"
2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes"
2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs
2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation
2056948 - post 1.23 rebase: regression in service-load balancer reliability
2057438 - Service Level Agreement (SLA) always show 'Unknown'
2057721 - Fix Proxy support in RHACM 2.4.2
2057724 - Image creation fails when NMstateConfig CR is empty
2058641 - [4.10] Pod density test causing problems when using kube-burner
2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install
2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials
2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc
- References:
https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator.
Security Fix(es):
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: net: lookup functions may return invalid host names (CVE-2021-33195)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
- Description:
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0119",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "glibc",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.32"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "500f",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "a250",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fas/aff baseboard management controller 500f",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "c library",
"scope": null,
"trust": 0.8,
"vendor": "gnu",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "service processor",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fabric operating system",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fas/aff baseboard management controller a250",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
],
"trust": 1.4
},
"cve": "CVE-2019-25013",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-25013",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-25013",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-25013",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-048",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-25013",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1428290 - CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option\n1684057 - CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read\n1704868 - CVE-2016-10228 glibc: iconv: Fix converter hangs and front end option parsing for //TRANSLIT and //IGNORE [rhel-8]\n1855790 - glibc: Update Intel CET support from upstream\n1856398 - glibc: Build with -moutline-atomics on aarch64\n1868106 - glibc: Transaction ID collisions cause slow DNS lookups in getaddrinfo\n1871385 - glibc: Improve auditing implementation (including DT_AUDIT, and DT_DEPAUDIT)\n1871387 - glibc: Improve IBM POWER9 architecture performance\n1871394 - glibc: Fix AVX2 off-by-one error in strncmp (swbz#25933)\n1871395 - glibc: Improve IBM Z (s390x) Performance\n1871396 - glibc: Improve use of static TLS surplus for optimizations. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the name\nservice cache daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nBug Fix(es):\n\n* glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with\nlarge device and inode numbers (BZ#1883162)\n\n* glibc: Performance regression in ebizzy benchmark (BZ#1889977)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the glibc library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-static-2.17-322.el7_9.i686.rpm\nglibc-static-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nppc64:\nglibc-2.17-322.el7_9.ppc.rpm\nglibc-2.17-322.el7_9.ppc64.rpm\nglibc-common-2.17-322.el7_9.ppc64.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm\nglibc-devel-2.17-322.el7_9.ppc.rpm\nglibc-devel-2.17-322.el7_9.ppc64.rpm\nglibc-headers-2.17-322.el7_9.ppc64.rpm\nglibc-utils-2.17-322.el7_9.ppc64.rpm\nnscd-2.17-322.el7_9.ppc64.rpm\n\nppc64le:\nglibc-2.17-322.el7_9.ppc64le.rpm\nglibc-common-2.17-322.el7_9.ppc64le.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc64le.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm\nglibc-devel-2.17-322.el7_9.ppc64le.rpm\nglibc-headers-2.17-322.el7_9.ppc64le.rpm\nglibc-utils-2.17-322.el7_9.ppc64le.rpm\nnscd-2.17-322.el7_9.ppc64le.rpm\n\ns390x:\nglibc-2.17-322.el7_9.s390.rpm\nglibc-2.17-322.el7_9.s390x.rpm\nglibc-common-2.17-322.el7_9.s390x.rpm\nglibc-debuginfo-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-2.17-322.el7_9.s390x.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390x.rpm\nglibc-devel-2.17-322.el7_9.s390.rpm\nglibc-devel-2.17-322.el7_9.s390x.rpm\nglibc-headers-2.17-322.el7_9.s390x.rpm\nglibc-utils-2.17-322.el7_9.s390x.rpm\nnscd-2.17-322.el7_9.s390x.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nglibc-debuginfo-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm\nglibc-static-2.17-322.el7_9.ppc.rpm\nglibc-static-2.17-322.el7_9.ppc64.rpm\n\nppc64le:\nglibc-debuginfo-2.17-322.el7_9.ppc64le.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm\nglibc-static-2.17-322.el7_9.ppc64le.rpm\n\ns390x:\nglibc-debuginfo-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-2.17-322.el7_9.s390x.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390x.rpm\nglibc-static-2.17-322.el7_9.s390.rpm\nglibc-static-2.17-322.el7_9.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-static-2.17-322.el7_9.i686.rpm\nglibc-static-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.10.3 security update\nAdvisory ID: RHSA-2022:0056-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0056\nIssue date: 2022-03-10\nCVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 \n CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 \n CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 \n CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 \n CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 \n CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 \n CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 \n CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 \n CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 \n CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 \n CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 \n CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 \n CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 \n CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 \n CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 \n CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 \n CVE-2022-24407 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808240 - Always return metrics value for pods under the user\u0027s namespace\n1815189 - feature flagged UI does not always become available after operator installation\n1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters\n1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly\n1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal\n1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered\n1878925 - \u0027oc adm upgrade --to ...\u0027 rejects versions which occur only in history, while the cluster-version operator supports history fallback\n1880738 - origin e2e test deletes original worker\n1882983 - oVirt csi driver should refuse to provision RWX and ROX PV\n1886450 - Keepalived router id check not documented for RHV/VMware IPI\n1889488 - The metrics endpoint for the Scheduler is not protected by RBAC\n1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom\n1896474 - Path based routing is broken for some combinations\n1897431 - CIDR support for additional network attachment with the bridge CNI plug-in\n1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes\n1907433 - Excessive logging in image operator\n1909906 - The router fails with PANIC error when stats port already in use\n1911173 - [MSTR-998] Many charts\u0027 legend names show {{}} instead of words\n1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. \n1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)\n1917893 - [ovirt] install fails: due to terraform error \"Cannot attach Virtual Disk: Disk is locked\" on vm resource\n1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1926522 - oc adm catalog does not clean temporary files\n1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. \n1928141 - kube-storage-version-migrator constantly reporting type \"Upgradeable\" status Unknown\n1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it\u0027s storageclass is not yet finished, confusing users\n1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x\n1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade\n1937085 - RHV UPI inventory playbook missing guarantee_memory\n1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion\n1938236 - vsphere-problem-detector does not support overriding log levels via storage CR\n1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods\n1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer\n1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]\n1942913 - ThanosSidecarUnhealthy isn\u0027t resilient to WAL replays. \n1943363 - [ovn] CNO should gracefully terminate ovn-northd\n1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17\n1948080 - authentication should not set Available=False APIServices_Error with 503s\n1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set\n1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0\n1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer\n1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs\n1953264 - \"remote error: tls: bad certificate\" logs in prometheus-operator container\n1955300 - Machine config operator reports unavailable for 23m during upgrade\n1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set\n1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set\n1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters\n1956496 - Needs SR-IOV Docs Upstream\n1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret\n1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid\n1956964 - upload a boot-source to OpenShift virtualization using the console\n1957547 - [RFE]VM name is not auto filled in dev console\n1958349 - ovn-controller doesn\u0027t release the memory after cluster-density run\n1959352 - [scale] failed to get pod annotation: timed out waiting for annotations\n1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not\n1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]\n1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects\n1961391 - String updates\n1961509 - DHCP daemon pod should have CPU and memory requests set but not limits\n1962066 - Edit machine/machineset specs not working\n1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL\n1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1964327 - Support containers with name:tag@digest\n1964789 - Send keys and disconnect does not work for VNC console\n1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7\n1966445 - Unmasking a service doesn\u0027t work if it masked using MCO\n1966477 - Use GA version in KAS/OAS/OauthAS to avoid: \"audit.k8s.io/v1beta1\" is deprecated and will be removed in a future release, use \"audit.k8s.io/v1\" instead\n1966521 - kube-proxy\u0027s userspace implementation consumes excessive CPU\n1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up\n1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount\n1970218 - MCO writes incorrect file contents if compression field is specified\n1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]\n1970805 - Cannot create build when docker image url contains dir structure\n1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io\n1972827 - image registry does not remain available during upgrade\n1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`\n1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run\n1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established\n1976301 - [ci] e2e-azure-upi is permafailing\n1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. \n1976674 - CCO didn\u0027t set Upgradeable to False when cco mode is configured to Manual on azure platform\n1976894 - Unidling a StatefulSet does not work as expected\n1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases\n1977414 - Build Config timed out waiting for condition 400: Bad Request\n1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus\n1978528 - systemd-coredump started and failed intermittently for unknown reasons\n1978581 - machine-config-operator: remove runlevel from mco namespace\n1979562 - Cluster operators: don\u0027t show messages when neither progressing, degraded or unavailable\n1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9\n1979966 - OCP builds always fail when run on RHEL7 nodes\n1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading\n1981549 - Machine-config daemon does not recover from broken Proxy configuration\n1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]\n1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues\n1982063 - \u0027Control Plane\u0027 is not translated in Simplified Chinese language in Home-\u003eOverview page\n1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands\n1982662 - Workloads - DaemonSets - Add storage: i18n misses\n1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE \"*/secrets/encryption-config\" on single node clusters\n1983758 - upgrades are failing on disruptive tests\n1983964 - Need Device plugin configuration for the NIC \"needVhostNet\" \u0026 \"isRdma\"\n1984592 - global pull secret not working in OCP4.7.4+ for additional private registries\n1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs\n1985486 - Cluster Proxy not used during installation on OSP with Kuryr\n1985724 - VM Details Page missing translations\n1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted\n1985933 - Downstream image registry recommendation\n1985965 - oVirt CSI driver does not report volume stats\n1986216 - [scale] SNO: Slow Pod recovery due to \"timed out waiting for OVS port binding\"\n1986237 - \"MachineNotYetDeleted\" in Pending state , alert not fired\n1986239 - crictl create fails with \"PID namespace requested, but sandbox infra container invalid\"\n1986302 - console continues to fetch prometheus alert and silences for normal user\n1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI\n1986338 - error creating list of resources in Import YAML\n1986502 - yaml multi file dnd duplicates previous dragged files\n1986819 - fix string typos for hot-plug disks\n1987044 - [OCPV48] Shutoff VM is being shown as \"Starting\" in WebUI when using spec.runStrategy Manual/RerunOnFailure\n1987136 - Declare operatorframework.io/arch.* labels for all operators\n1987257 - Go-http-client user-agent being used for oc adm mirror requests\n1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold\n1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP\n1988406 - SSH key dropped when selecting \"Customize virtual machine\" in UI\n1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade\n1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with \"Unable to connect to the server\"\n1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs\n1989438 - expected replicas is wrong\n1989502 - Developer Catalog is disappearing after short time\n1989843 - \u0027More\u0027 and \u0027Show Less\u0027 functions are not translated on several page\n1990014 - oc debug \u003cpod-name\u003e does not work for Windows pods\n1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created\n1990193 - \u0027more\u0027 and \u0027Show Less\u0027 is not being translated on Home -\u003e Search page\n1990255 - Partial or all of the Nodes/StorageClasses don\u0027t appear back on UI after text is removed from search bar\n1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI\n1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks\n1990556 - get-resources.sh doesn\u0027t honor the no_proxy settings even with no_proxy var\n1990625 - Ironic agent registers with SLAAC address with privacy-stable\n1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time\n1991067 - github.com can not be resolved inside pods where cluster is running on openstack. \n1991573 - Enable typescript strictNullCheck on network-policies files\n1991641 - Baremetal Cluster Operator still Available After Delete Provisioning\n1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator\n1991819 - Misspelled word \"ocurred\" in oc inspect cmd\n1991942 - Alignment and spacing fixes\n1992414 - Two rootdisks show on storage step if \u0027This is a CD-ROM boot source\u0027 is checked\n1992453 - The configMap failed to save on VM environment tab\n1992466 - The button \u0027Save\u0027 and \u0027Reload\u0027 are not translated on vm environment tab\n1992475 - The button \u0027Open console in New Window\u0027 and \u0027Disconnect\u0027 are not translated on vm console tab\n1992509 - Could not customize boot source due to source PVC not found\n1992541 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1992580 - storageProfile should stay with the same value by check/uncheck the apply button\n1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply\n1992777 - [IBMCLOUD] Default \"ibm_iam_authorization_policy\" is not working as expected in all scenarios\n1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)\n1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing\n1994094 - Some hardcodes are detected at the code level in OpenShift console components\n1994142 - Missing required cloud config fields for IBM Cloud\n1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools\n1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart\n1995335 - [SCALE] ovnkube CNI: remove ovs flows check\n1995493 - Add Secret to workload button and Actions button are not aligned on secret details page\n1995531 - Create RDO-based Ironic image to be promoted to OKD\n1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator\n1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs\n1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread\n1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole\n1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN\n1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down\n1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page\n1996647 - Provide more useful degraded message in auth operator on DNS errors\n1996736 - Large number of 501 lr-policies in INCI2 env\n1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes\n1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP\n1996928 - Enable default operator indexes on ARM\n1997028 - prometheus-operator update removes env var support for thanos-sidecar\n1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used\n1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. \n1997245 - \"Subscription already exists in openshift-storage namespace\" error message is seen while installing odf-operator via UI\n1997269 - Have to refresh console to install kube-descheduler\n1997478 - Storage operator is not available after reboot cluster instances\n1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n1997967 - storageClass is not reserved from default wizard to customize wizard\n1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order\n1998038 - [e2e][automation] add tests for UI for VM disk hot-plug\n1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus\n1998174 - Create storageclass gp3-csi after install ocp cluster on aws\n1998183 - \"r: Bad Gateway\" info is improper\n1998235 - Firefox warning: Cookie \u201ccsrf-token\u201d will be soon rejected\n1998377 - Filesystem table head is not full displayed in disk tab\n1998378 - Virtual Machine is \u0027Not available\u0027 in Home -\u003e Overview -\u003e Cluster inventory\n1998519 - Add fstype when create localvolumeset instance on web console\n1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses\n1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page\n1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable\n1999091 - Console update toast notification can appear multiple times\n1999133 - removing and recreating static pod manifest leaves pod in error state\n1999246 - .indexignore is not ingore when oc command load dc configuration\n1999250 - ArgoCD in GitOps operator can\u0027t manage namespaces\n1999255 - ovnkube-node always crashes out the first time it starts\n1999261 - ovnkube-node log spam (and security token leak?)\n1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -\u003e Operator Installation page\n1999314 - console-operator is slow to mark Degraded as False once console starts working\n1999425 - kube-apiserver with \"[SHOULD NOT HAPPEN] failed to update managedFields\" err=\"failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)\n1999556 - \"master\" pool should be updated before the CVO reports available at the new version occurred\n1999578 - AWS EFS CSI tests are constantly failing\n1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages\n1999619 - cloudinit is malformatted if a user sets a password during VM creation flow\n1999621 - Empty ssh_authorized_keys entry is added to VM\u0027s cloudinit if created from a customize flow\n1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined\n1999668 - openshift-install destroy cluster panic\u0027s when given invalid credentials to cloud provider (Azure Stack Hub)\n1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource\n1999771 - revert \"force cert rotation every couple days for development\" in 4.10\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. \n1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions\n1999903 - Click \"This is a CD-ROM boot source\" ticking \"Use template size PVC\" on pvc upload form\n1999983 - No way to clear upload error from template boot source\n2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter\n2000096 - Git URL is not re-validated on edit build-config form reload\n2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig\n2000236 - Confusing usage message from dynkeepalived CLI\n2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported\n2000430 - bump cluster-api-provider-ovirt version in installer\n2000450 - 4.10: Enable static PV multi-az test\n2000490 - All critical alerts shipped by CMO should have links to a runbook\n2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)\n2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster\n2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled\n2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console\n2000754 - IPerf2 tests should be lower\n2000846 - Structure logs in the entire codebase of Local Storage Operator\n2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24\n2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2000938 - CVO does not respect changes to a Deployment strategy\n2000963 - \u0027Inline-volume (default fs)] volumes should store data\u0027 tests are failing on OKD with updated selinux-policy\n2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don\u0027t have snapshot and should be fullClone\n2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole\n2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error\n2001337 - Details Card in ODF Dashboard mentions OCS\n2001339 - fix text content hotplug\n2001413 - [e2e][automation] add/delete nic and disk to template\n2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log\n2001442 - Empty termination.log file for the kube-apiserver has too permissive mode\n2001479 - IBM Cloud DNS unable to create/update records\n2001566 - Enable alerts for prometheus operator in UWM\n2001575 - Clicking on the perspective switcher shows a white page with loader\n2001577 - Quick search placeholder is not displayed properly when the search string is removed\n2001578 - [e2e][automation] add tests for vm dashboard tab\n2001605 - PVs remain in Released state for a long time after the claim is deleted\n2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options\n2001620 - Cluster becomes degraded if it can\u0027t talk to Manila\n2001760 - While creating \u0027Backing Store\u0027, \u0027Bucket Class\u0027, \u0027Namespace Store\u0027 user is navigated to \u0027Installed Operators\u0027 page after clicking on ODF\n2001761 - Unable to apply cluster operator storage for SNO on GCP platform. \n2001765 - Some error message in the log of diskmaker-manager caused confusion\n2001784 - show loading page before final results instead of showing a transient message No log files exist\n2001804 - Reload feature on Environment section in Build Config form does not work properly\n2001810 - cluster admin unable to view BuildConfigs in all namespaces\n2001817 - Failed to load RoleBindings list that will lead to \u2018Role name\u2019 is not able to be selected on Create RoleBinding page as well\n2001823 - OCM controller must update operator status\n2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start\n2001835 - Could not select image tag version when create app from dev console\n2001855 - Add capacity is disabled for ocs-storagecluster\n2001856 - Repeating event: MissingVersion no image found for operand pod\n2001959 - Side nav list borders don\u0027t extend to edges of container\n2002007 - Layout issue on \"Something went wrong\" page\n2002010 - ovn-kube may never attempt to retry a pod creation\n2002012 - Cannot change volume mode when cloning a VM from a template\n2002027 - Two instances of Dotnet helm chart show as one in topology\n2002075 - opm render does not automatically pulling in the image(s) used in the deployments\n2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster\n2002125 - Network policy details page heading should be updated to Network Policy details\n2002133 - [e2e][automation] add support/virtualization and improve deleteResource\n2002134 - [e2e][automation] add test to verify vm details tab\n2002215 - Multipath day1 not working on s390x\n2002238 - Image stream tag is not persisted when switching from yaml to form editor\n2002262 - [vSphere] Incorrect user agent in vCenter sessions list\n2002266 - SinkBinding create form doesn\u0027t allow to use subject name, instead of label selector\n2002276 - OLM fails to upgrade operators immediately\n2002300 - Altering the Schedule Profile configurations doesn\u0027t affect the placement of the pods\n2002354 - Missing DU configuration \"Done\" status reporting during ZTP flow\n2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn\u0027t use commonjs\n2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation\n2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN\n2002397 - Resources search is inconsistent\n2002434 - CRI-O leaks some children PIDs\n2002443 - Getting undefined error on create local volume set page\n2002461 - DNS operator performs spurious updates in response to API\u0027s defaulting of service\u0027s internalTrafficPolicy\n2002504 - When the openshift-cluster-storage-operator is degraded because of \"VSphereProblemDetectorController_SyncError\", the insights operator is not sending the logs from all pods. \n2002559 - User preference for topology list view does not follow when a new namespace is created\n2002567 - Upstream SR-IOV worker doc has broken links\n2002588 - Change text to be sentence case to align with PF\n2002657 - ovn-kube egress IP monitoring is using a random port over the node network\n2002713 - CNO: OVN logs should have millisecond resolution\n2002748 - [ICNI2] \u0027ErrorAddingLogicalPort\u0027 failed to handle external GW check: timeout waiting for namespace event\n2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite\n2002763 - Two storage systems getting created with external mode RHCS\n2002808 - KCM does not use web identity credentials\n2002834 - Cluster-version operator does not remove unrecognized volume mounts\n2002896 - Incorrect result return when user filter data by name on search page\n2002950 - Why spec.containers.command is not created with \"oc create deploymentconfig \u003cdc-name\u003e --image=\u003cimage\u003e -- \u003ccommand\u003e\"\n2003096 - [e2e][automation] check bootsource URL is displaying on review step\n2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role\n2003120 - CI: Uncaught error with ResizeObserver on operand details page\n2003145 - Duplicate operand tab titles causes \"two children with the same key\" warning\n2003164 - OLM, fatal error: concurrent map writes\n2003178 - [FLAKE][knative] The UI doesn\u0027t show updated traffic distribution after accepting the form\n2003193 - Kubelet/crio leaks netns and veth ports in the host\n2003195 - OVN CNI should ensure host veths are removed\n2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting \u0027-e JENKINS_PASSWORD=password\u0027 ENV which was working for old container images\n2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2003239 - \"[sig-builds][Feature:Builds][Slow] can use private repositories as build input\" tests fail outside of CI\n2003244 - Revert libovsdb client code\n2003251 - Patternfly components with list element has list item bullet when they should not. \n2003252 - \"[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig\" tests do not work as expected outside of CI\n2003269 - Rejected pods should be filtered from admission regression\n2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release\n2003426 - [e2e][automation] add test for vm details bootorder\n2003496 - [e2e][automation] add test for vm resources requirment settings\n2003641 - All metal ipi jobs are failing in 4.10\n2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state\n2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node\n2003683 - Samples operator is panicking in CI\n2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster \"Connection Details\" page\n2003715 - Error on creating local volume set after selection of the volume mode\n2003743 - Remove workaround keeping /boot RW for kdump support\n2003775 - etcd pod on CrashLoopBackOff after master replacement procedure\n2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver\n2003792 - Monitoring metrics query graph flyover panel is useless\n2003808 - Add Sprint 207 translations\n2003845 - Project admin cannot access image vulnerabilities view\n2003859 - sdn emits events with garbage messages\n2003896 - (release-4.10) ApiRequestCounts conditional gatherer\n2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas\n2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes\n2004059 - [e2e][automation] fix current tests for downstream\n2004060 - Trying to use basic spring boot sample causes crash on Firefox\n2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn\u0027t close after selection\n2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently\n2004203 - build config\u0027s created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver\n2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory\n2004449 - Boot option recovery menu prevents image boot\n2004451 - The backup filename displayed in the RecentBackup message is incorrect\n2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts\n2004508 - TuneD issues with the recent ConfigParser changes. \n2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions\n2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs\n2004578 - Monitoring and node labels missing for an external storage platform\n2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days\n2004596 - [4.10] Bootimage bump tracker\n2004597 - Duplicate ramdisk log containers running\n2004600 - Duplicate ramdisk log containers running\n2004609 - output of \"crictl inspectp\" is not complete\n2004625 - BMC credentials could be logged if they change\n2004632 - When LE takes a large amount of time, multiple whereabouts are seen\n2004721 - ptp/worker custom threshold doesn\u0027t change ptp events threshold\n2004736 - [knative] Create button on new Broker form is inactive despite form being filled\n2004796 - [e2e][automation] add test for vm scheduling policy\n2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque\n2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card\n2004901 - [e2e][automation] improve kubevirt devconsole tests\n2004962 - Console frontend job consuming too much CPU in CI\n2005014 - state of ODF StorageSystem is misreported during installation or uninstallation\n2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines\n2005179 - pods status filter is not taking effect\n2005182 - sync list of deprecated apis about to be removed\n2005282 - Storage cluster name is given as title in StorageSystem details page\n2005355 - setuptools 58 makes Kuryr CI fail\n2005407 - ClusterNotUpgradeable Alert should be set to Severity Info\n2005415 - PTP operator with sidecar api configured throws bind: address already in use\n2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console\n2005554 - The switch status of the button \"Show default project\" is not revealed correctly in code\n2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable\n2005761 - QE - Implementing crw-basic feature file\n2005783 - Fix accessibility issues in the \"Internal\" and \"Internal - Attached Mode\" Installation Flow\n2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty\n2005854 - SSH NodePort service is created for each VM\n2005901 - KS, KCM and KA going Degraded during master nodes upgrade\n2005902 - Current UI flow for MCG only deployment is confusing and doesn\u0027t reciprocate any message to the end-user\n2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics\n2005971 - Change telemeter to report the Application Services product usage metrics\n2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files\n2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased\n2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types\n2006101 - Power off fails for drivers that don\u0027t support Soft power off\n2006243 - Metal IPI upgrade jobs are running out of disk space\n2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn\u0027t use the 0th address\n2006308 - Backing Store YAML tab on click displays a blank screen on UI\n2006325 - Multicast is broken across nodes\n2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators\n2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource\n2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2006690 - OS boot failure \"x64 Exception Type 06 - Invalid Opcode Exception\"\n2006714 - add retry for etcd errors in kube-apiserver\n2006767 - KubePodCrashLooping may not fire\n2006803 - Set CoreDNS cache entries for forwarded zones\n2006861 - Add Sprint 207 part 2 translations\n2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap\n2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors\n2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded\n2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick\n2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails\n2007271 - CI Integration for Knative test cases\n2007289 - kubevirt tests are failing in CI\n2007322 - Devfile/Dockerfile import does not work for unsupported git host\n2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. \n2007379 - Events are not generated for master offset for ordinary clock\n2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace\n2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address\n2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error\n2007522 - No new local-storage-operator-metadata-container is build for 4.10\n2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10\n2007580 - Azure cilium installs are failing e2e tests\n2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10\n2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes\n2007692 - 4.9 \"old-rhcos\" jobs are permafailing with storage test failures\n2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow\n2007757 - must-gather extracts imagestreams in the \"openshift\" namespace, but not Templates\n2007802 - AWS machine actuator get stuck if machine is completely missing\n2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator\n2008119 - The serviceAccountIssuer field on Authentication CR is reseted to \u201c\u201d when installation process\n2008151 - Topology breaks on clicking in empty state\n2008185 - Console operator go.mod should use go 1.16.version\n2008201 - openstack-az job is failing on haproxy idle test\n2008207 - vsphere CSI driver doesn\u0027t set resource limits\n2008223 - gather_audit_logs: fix oc command line to get the current audit profile\n2008235 - The Save button in the Edit DC form remains disabled\n2008256 - Update Internationalization README with scope info\n2008321 - Add correct documentation link for MON_DISK_LOW\n2008462 - Disable PodSecurity feature gate for 4.10\n2008490 - Backing store details page does not contain all the kebab actions. \n2008521 - gcp-hostname service should correct invalid search entries in resolv.conf\n2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount\n2008539 - Registry doesn\u0027t fall back to secondary ImageContentSourcePolicy Mirror\n2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers\n2008599 - Azure Stack UPI does not have Internal Load Balancer\n2008612 - Plugin asset proxy does not pass through browser cache headers\n2008712 - VPA webhook timeout prevents all pods from starting\n2008733 - kube-scheduler: exposed /debug/pprof port\n2008911 - Prometheus repeatedly scaling prometheus-operator replica set\n2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2008987 - OpenShift SDN Hosted Egress IP\u0027s are not being scheduled to nodes after upgrade to 4.8.12\n2009055 - Instances of OCS to be replaced with ODF on UI\n2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs\n2009083 - opm blocks pruning of existing bundles during add\n2009111 - [IPI-on-GCP] \u0027Install a cluster with nested virtualization enabled\u0027 failed due to unable to launch compute instances\n2009131 - [e2e][automation] add more test about vmi\n2009148 - [e2e][automation] test vm nic presets and options\n2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator\n2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family\n2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted\n2009384 - UI changes to support BindableKinds CRD changes\n2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped\n2009424 - Deployment upgrade is failing availability check\n2009454 - Change web terminal subscription permissions from get to list\n2009465 - container-selinux should come from rhel8-appstream\n2009514 - Bump OVS to 2.16-15\n2009555 - Supermicro X11 system not booting from vMedia with AI\n2009623 - Console: Observe \u003e Metrics page: Table pagination menu shows bullet points\n2009664 - Git Import: Edit of knative service doesn\u0027t work as expected for git import flow\n2009699 - Failure to validate flavor RAM\n2009754 - Footer is not sticky anymore in import forms\n2009785 - CRI-O\u0027s version file should be pinned by MCO\n2009791 - Installer: ibmcloud ignores install-config values\n2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13\n2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo\n2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2009873 - Stale Logical Router Policies and Annotations for a given node\n2009879 - There should be test-suite coverage to ensure admin-acks work as expected\n2009888 - SRO package name collision between official and community version\n2010073 - uninstalling and then reinstalling sriov-network-operator is not working\n2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. \n2010181 - Environment variables not getting reset on reload on deployment edit form\n2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2010341 - OpenShift Alerting Rules Style-Guide Compliance\n2010342 - Local console builds can have out of memory errors\n2010345 - OpenShift Alerting Rules Style-Guide Compliance\n2010348 - Reverts PIE build mode for K8S components\n2010352 - OpenShift Alerting Rules Style-Guide Compliance\n2010354 - OpenShift Alerting Rules Style-Guide Compliance\n2010359 - OpenShift Alerting Rules Style-Guide Compliance\n2010368 - OpenShift Alerting Rules Style-Guide Compliance\n2010376 - OpenShift Alerting Rules Style-Guide Compliance\n2010662 - Cluster is unhealthy after image-registry-operator tests\n2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)\n2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API\n2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address\n2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing\n2010864 - Failure building EFS operator\n2010910 - ptp worker events unable to identify interface for multiple interfaces\n2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24\n2010921 - Azure Stack Hub does not handle additionalTrustBundle\n2010931 - SRO CSV uses non default category \"Drivers and plugins\"\n2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. \n2011038 - optional operator conditions are confusing\n2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass\n2011171 - diskmaker-manager constantly redeployed by LSO when creating LV\u0027s\n2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image\n2011368 - Tooltip in pipeline visualization shows misleading data\n2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels\n2011411 - Managed Service\u0027s Cluster overview page contains link to missing Storage dashboards\n2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster\n2011513 - Kubelet rejects pods that use resources that should be freed by completed pods\n2011668 - Machine stuck in deleting phase in VMware \"reconciler failed to Delete machine\"\n2011693 - (release-4.10) \"insightsclient_request_recvreport_total\" metric is always incremented\n2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn\u0027t export namespace labels anymore\n2011733 - Repository README points to broken documentarion link\n2011753 - Ironic resumes clean before raid configuration job is actually completed\n2011809 - The nodes page in the openshift console doesn\u0027t work. You just get a blank page\n2011822 - Obfuscation doesn\u0027t work at clusters with OVN\n2011882 - SRO helm charts not synced with templates\n2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot\n2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages\n2011903 - vsphere-problem-detector: session leak\n2011927 - OLM should allow users to specify a proxy for GRPC connections\n2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods\n2011960 - [tracker] Storage operator is not available after reboot cluster instances\n2011971 - ICNI2 pods are stuck in ContainerCreating state\n2011972 - Ingress operator not creating wildcard route for hypershift clusters\n2011977 - SRO bundle references non-existent image\n2012069 - Refactoring Status controller\n2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI\n2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group\n2012233 - [IBMCLOUD] IPI: \"Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)\"\n2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig\n2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off\n2012407 - [e2e][automation] improve vm tab console tests\n2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don\u0027t have namespace label\n2012562 - migration condition is not detected in list view\n2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written\n2012780 - The port 50936 used by haproxy is occupied by kube-apiserver\n2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working\n2012902 - Neutron Ports assigned to Completed Pods are not reused Edit\n2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack\n2012971 - Disable operands deletes\n2013034 - Cannot install to openshift-nmstate namespace\n2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)\n2013199 - post reboot of node SRIOV policy taking huge time\n2013203 - UI breaks when trying to create block pool before storage cluster/system creation\n2013222 - Full breakage for nightly payload promotion\n2013273 - Nil pointer exception when phc2sys options are missing\n2013321 - TuneD: high CPU utilization of the TuneD daemon. \n2013416 - Multiple assets emit different content to the same filename\n2013431 - Application selector dropdown has incorrect font-size and positioning\n2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2013545 - Service binding created outside topology is not visible\n2013599 - Scorecard support storage is not included in ocp4.9\n2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)\n2013646 - fsync controller will show false positive if gaps in metrics are observed. \n2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default\n2013751 - Service details page is showing wrong in-cluster hostname\n2013787 - There are two tittle \u0027Network Attachment Definition Details\u0027 on NAD details page\n2013871 - Resource table headings are not aligned with their column data\n2013895 - Cannot enable accelerated network via MachineSets on Azure\n2013920 - \"--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude\"\n2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)\n2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain\n2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)\n2013996 - Project detail page: Action \"Delete Project\" does nothing for the default project\n2014071 - Payload imagestream new tags not properly updated during cluster upgrade\n2014153 - SRIOV exclusive pooling\n2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace\n2014238 - AWS console test is failing on importing duplicate YAML definitions\n2014245 - Several aria-labels, external links, and labels aren\u0027t internationalized\n2014248 - Several files aren\u0027t internationalized\n2014352 - Could not filter out machine by using node name on machines page\n2014464 - Unexpected spacing/padding below navigation groups in developer perspective\n2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages\n2014486 - Integration Tests: OLM single namespace operator tests failing\n2014488 - Custom operator cannot change orders of condition tables\n2014497 - Regex slows down different forms and creates too much recursion errors in the log\n2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id \u0027NoneType\u0027 object has no attribute \u0027id\u0027\n2014614 - Metrics scraping requests should be assigned to exempt priority level\n2014710 - TestIngressStatus test is broken on Azure\n2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly\n2014995 - oc adm must-gather cannot gather audit logs with \u0027None\u0027 audit profile\n2015115 - [RFE] PCI passthrough\n2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl \u0027--resource-group-name\u0027 parameter\n2015154 - Support ports defined networks and primarySubnet\n2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic\n2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production\n2015386 - Possibility to add labels to the built-in OCP alerts\n2015395 - Table head on Affinity Rules modal is not fully expanded\n2015416 - CI implementation for Topology plugin\n2015418 - Project Filesystem query returns No datapoints found\n2015420 - No vm resource in project view\u0027s inventory\n2015422 - No conflict checking on snapshot name\n2015472 - Form and YAML view switch button should have distinguishable status\n2015481 - [4.10] sriov-network-operator daemon pods are failing to start\n2015493 - Cloud Controller Manager Operator does not respect \u0027additionalTrustBundle\u0027 setting\n2015496 - Storage - PersistentVolumes : Claim colum value \u0027No Claim\u0027 in English\n2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on \u0027Add Capacity\u0027 button click\n2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu\n2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. \n2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart \u0027x% used\u0027 is in English\n2015549 - Observe - Metrics: Column heading and pagination text is in English\n2015557 - Workloads - DeploymentConfigs : Error message is in English\n2015568 - Compute - Nodes : CPU column\u0027s values are in English\n2015635 - Storage operator fails causing installation to fail on ASH\n2015660 - \"Finishing boot source customization\" screen should not use term \"patched\"\n2015793 - [hypershift] The collect-profiles job\u0027s pods should run on the control-plane node\n2015806 - Metrics view in Deployment reports \"Forbidden\" when not cluster-admin\n2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning\n2015837 - OS_CLOUD overwrites install-config\u0027s platform.openstack.cloud\n2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch\n2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail\n2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)\n2016008 - [4.10] Bootimage bump tracker\n2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver\n2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator\n2016054 - No e2e CI presubmit configured for release component cluster-autoscaler\n2016055 - No e2e CI presubmit configured for release component console\n2016058 - openshift-sync does not synchronise in \"ose-jenkins:v4.8\"\n2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager\n2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers\n2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. \n2016179 - Add Sprint 208 translations\n2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager\n2016235 - should update to 7.5.11 for grafana resources version label\n2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails\n2016334 - shiftstack: SRIOV nic reported as not supported\n2016352 - Some pods start before CA resources are present\n2016367 - Empty task box is getting created for a pipeline without finally task\n2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts\n2016438 - Feature flag gating is missing in few extensions contributed via knative plugin\n2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc\n2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets\n2016453 - Complete i18n for GaugeChart defaults\n2016479 - iface-id-ver is not getting updated for existing lsp\n2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear\n2016951 - dynamic actions list is not disabling \"open console\" for stopped vms\n2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available\n2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances\n2017016 - [REF] Virtualization menu\n2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn\n2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly\n2017130 - t is not a function error navigating to details page\n2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue\n2017244 - ovirt csi operator static files creation is in the wrong order\n2017276 - [4.10] Volume mounts not created with the correct security context\n2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. \n2017427 - NTO does not restart TuneD daemon when profile application is taking too long\n2017535 - Broken Argo CD link image on GitOps Details Page\n2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references\n2017564 - On-prem prepender dispatcher script overwrites DNS search settings\n2017565 - CCMO does not handle additionalTrustBundle on Azure Stack\n2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice\n2017606 - [e2e][automation] add test to verify send key for VNC console\n2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes\n2017656 - VM IP address is \"undefined\" under VM details -\u003e ssh field\n2017663 - SSH password authentication is disabled when public key is not supplied\n2017680 - [gcp] Couldn\u2019t enable support for instances with GPUs on GCP\n2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set\n2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource\n2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults\n2017761 - [e2e][automation] dummy bug for 4.9 test dependency\n2017872 - Add Sprint 209 translations\n2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances\n2017879 - Add Chinese translation for \"alternate\"\n2017882 - multus: add handling of pod UIDs passed from runtime\n2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods\n2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI\n2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS\n2018094 - the tooltip length is limited\n2018152 - CNI pod is not restarted when It cannot start servers due to ports being used\n2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time\n2018234 - user settings are saved in local storage instead of on cluster\n2018264 - Delete Export button doesn\u0027t work in topology sidebar (general issue with unknown CSV?)\n2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)\n2018275 - Topology graph doesn\u0027t show context menu for Export CSV\n2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked\n2018380 - Migrate docs links to access.redhat.com\n2018413 - Error: context deadline exceeded, OCP 4.8.9\n2018428 - PVC is deleted along with VM even with \"Delete Disks\" unchecked\n2018445 - [e2e][automation] enhance tests for downstream\n2018446 - [e2e][automation] move tests to different level\n2018449 - [e2e][automation] add test about create/delete network attachment definition\n2018490 - [4.10] Image provisioning fails with file name too long\n2018495 - Fix typo in internationalization README\n2018542 - Kernel upgrade does not reconcile DaemonSet\n2018880 - Get \u0027No datapoints found.\u0027 when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit\n2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes\n2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950\n2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10\n2018985 - The rootdisk size is 15Gi of windows VM in customize wizard\n2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. \n2019096 - Update SRO leader election timeout to support SNO\n2019129 - SRO in operator hub points to wrong repo for README\n2019181 - Performance profile does not apply\n2019198 - ptp offset metrics are not named according to the log output\n2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest\n2019284 - Stop action should not in the action list while VMI is not running\n2019346 - zombie processes accumulation and Argument list too long\n2019360 - [RFE] Virtualization Overview page\n2019452 - Logger object in LSO appends to existing logger recursively\n2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect\n2019634 - Pause and migration is enabled in action list for a user who has view only permission\n2019636 - Actions in VM tabs should be disabled when user has view only permission\n2019639 - \"Take snapshot\" should be disabled while VM image is still been importing\n2019645 - Create button is not removed on \"Virtual Machines\" page for view only user\n2019646 - Permission error should pop-up immediately while clicking \"Create VM\" button on template page for view only user\n2019647 - \"Remove favorite\" and \"Create new Template\" should be disabled in template action list for view only user\n2019717 - cant delete VM with un-owned pvc attached\n2019722 - The shared-resource-csi-driver-node pod runs as \u201cBestEffort\u201d qosClass\n2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as \"Always\"\n2019744 - [RFE] Suggest users to download newest RHEL 8 version\n2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level\n2019827 - Display issue with top-level menu items running demo plugin\n2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded\n2019886 - Kuryr unable to finish ports recovery upon controller restart\n2019948 - [RFE] Restructring Virtualization links\n2019972 - The Nodes section doesn\u0027t display the csr of the nodes that are trying to join the cluster\n2019977 - Installer doesn\u0027t validate region causing binary to hang with a 60 minute timeout\n2019986 - Dynamic demo plugin fails to build\n2019992 - instance:node_memory_utilisation:ratio metric is incorrect\n2020001 - Update dockerfile for demo dynamic plugin to reflect dir change\n2020003 - MCD does not regard \"dangling\" symlinks as a files, attempts to write through them on next backup, resulting in \"not writing through dangling symlink\" error and degradation. \n2020107 - cluster-version-operator: remove runlevel from CVO namespace\n2020153 - Creation of Windows high performance VM fails\n2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn\u0027t be public\n2020250 - Replacing deprecated ioutil\n2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build\n2020275 - ClusterOperators link in console returns blank page during upgrades\n2020377 - permissions error while using tcpdump option with must-gather\n2020489 - coredns_dns metrics don\u0027t include the custom zone metrics data due to CoreDNS prometheus plugin is not defined\n2020498 - \"Show PromQL\" button is disabled\n2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature\n2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI\n2020664 - DOWN subports are not cleaned up\n2020904 - When trying to create a connection from the Developer view between VMs, it fails\n2021016 - \u0027Prometheus Stats\u0027 of dashboard \u0027Prometheus Overview\u0027 miss data on console compared with Grafana\n2021017 - 404 page not found error on knative eventing page\n2021031 - QE - Fix the topology CI scripts\n2021048 - [RFE] Added MAC Spoof check\n2021053 - Metallb operator presented as community operator\n2021067 - Extensive number of requests from storage version operator in cluster\n2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes\n2021135 - [azure-file-csi-driver] \"make unit-test\" returns non-zero code, but tests pass\n2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node\n2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating\n2021152 - imagePullPolicy is \"Always\" for ptp operator images\n2021191 - Project admins should be able to list available network attachment defintions\n2021205 - Invalid URL in git import form causes validation to not happen on URL change\n2021322 - cluster-api-provider-azure should populate purchase plan information\n2021337 - Dynamic Plugins: ResourceLink doesn\u0027t render when passed a groupVersionKind\n2021364 - Installer requires invalid AWS permission s3:GetBucketReplication\n2021400 - Bump documentationBaseURL to 4.10\n2021405 - [e2e][automation] VM creation wizard Cloud Init editor\n2021433 - \"[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified\" test fail permanently on disconnected\n2021466 - [e2e][automation] Windows guest tool mount\n2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver\n2021551 - Build is not recognizing the USER group from an s2i image\n2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character\n2021629 - api request counts for current hour are incorrect\n2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page\n2021693 - Modals assigned modal-lg class are no longer the correct width\n2021724 - Observe \u003e Dashboards: Graph lines are not visible when obscured by other lines\n2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled\n2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags\n2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem\n2022053 - dpdk application with vhost-net is not able to start\n2022114 - Console logging every proxy request\n2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent)\n2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long\n2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . \n2022447 - ServiceAccount in manifests conflicts with OLM\n2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. \n2022509 - getOverrideForManifest does not check manifest.GVK.Group\n2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2022612 - no namespace field for \"Kubernetes / Compute Resources / Namespace (Pods)\" admin console dashboard\n2022627 - Machine object not picking up external FIP added to an openstack vm\n2022646 - configure-ovs.sh failure - Error: unknown connection \u0027WARN:\u0027\n2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox\n2022801 - Add Sprint 210 translations\n2022811 - Fix kubelet log rotation file handle leak\n2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations\n2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2022880 - Pipeline renders with minor visual artifact with certain task dependencies\n2022886 - Incorrect URL in operator description\n2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config\n2023060 - [e2e][automation] Windows VM with CDROM migration\n2023077 - [e2e][automation] Home Overview Virtualization status\n2023090 - [e2e][automation] Examples of Import URL for VM templates\n2023102 - [e2e][automation] Cloudinit disk of VM from custom template\n2023216 - ACL for a deleted egressfirewall still present on node join switch\n2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9\n2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy\n2023342 - SCC admission should take ephemeralContainers into account\n2023356 - Devfiles can\u0027t be loaded in Safari on macOS (403 - Forbidden)\n2023434 - Update Azure Machine Spec API to accept Marketplace Images\n2023500 - Latency experienced while waiting for volumes to attach to node\n2023522 - can\u0027t remove package from index: database is locked\n2023560 - \"Network Attachment Definitions\" has no project field on the top in the list view\n2023592 - [e2e][automation] add mac spoof check for nad\n2023604 - ACL violation when deleting a provisioning-configuration resource\n2023607 - console returns blank page when normal user without any projects visit Installed Operators page\n2023638 - Downgrade support level for extended control plane integration to Dev Preview\n2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10\n2023675 - Changing CNV Namespace\n2023779 - Fix Patch 104847 in 4.9\n2023781 - initial hardware devices is not loading in wizard\n2023832 - CCO updates lastTransitionTime for non-Status changes\n2023839 - Bump recommended FCOS to 34.20211031.3.0\n2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly\n2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from \"registry:5000\" repository\n2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8\n2024055 - External DNS added extra prefix for the TXT record\n2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully\n2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json\n2024199 - 400 Bad Request error for some queries for the non admin user\n2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode\n2024262 - Sample catalog is not displayed when one API call to the backend fails\n2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability\n2024316 - modal about support displays wrong annotation\n2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected\n2024399 - Extra space is in the translated text of \"Add/Remove alternate service\" on Create Route page\n2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view\n2024493 - Observe \u003e Alerting \u003e Alerting rules page throws error trying to destructure undefined\n2024515 - test-blocker: Ceph-storage-plugin tests failing\n2024535 - hotplug disk missing OwnerReference\n2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image\n2024547 - Detail page is breaking for namespace store , backing store and bucket class. \n2024551 - KMS resources not getting created for IBM FlashSystem storage\n2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel\n2024613 - pod-identity-webhook starts without tls\n2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded\n2024665 - Bindable services are not shown on topology\n2024731 - linuxptp container: unnecessary checking of interfaces\n2024750 - i18n some remaining OLM items\n2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured\n2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack\n2024841 - test Keycloak with latest tag\n2024859 - Not able to deploy an existing image from private image registry using developer console\n2024880 - Egress IP breaks when network policies are applied\n2024900 - Operator upgrade kube-apiserver\n2024932 - console throws \"Unauthorized\" error after logging out\n2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up\n2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick\n2025230 - ClusterAutoscalerUnschedulablePods should not be a warning\n2025266 - CreateResource route has exact prop which need to be removed\n2025301 - [e2e][automation] VM actions availability in different VM states\n2025304 - overwrite storage section of the DV spec instead of the pvc section\n2025431 - [RFE]Provide specific windows source link\n2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36\n2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node\n2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn\u0027t work for ExternalTrafficPolicy=local\n2025481 - Update VM Snapshots UI\n2025488 - [DOCS] Update the doc for nmstate operator installation\n2025592 - ODC 4.9 supports invalid devfiles only\n2025765 - It should not try to load from storageProfile after unchecking\"Apply optimized StorageProfile settings\"\n2025767 - VMs orphaned during machineset scaleup\n2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns \"kubevirt-hyperconverged\" while using customize wizard\n2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size\u2019s vCPUsAvailable instead of vCPUs for the sku. \n2025821 - Make \"Network Attachment Definitions\" available to regular user\n2025823 - The console nav bar ignores plugin separator in existing sections\n2025830 - CentOS capitalizaion is wrong\n2025837 - Warn users that the RHEL URL expire\n2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*\n2025903 - [UI] RoleBindings tab doesn\u0027t show correct rolebindings\n2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2026178 - OpenShift Alerting Rules Style-Guide Compliance\n2026209 - Updation of task is getting failed (tekton hub integration)\n2026223 - Internal error occurred: failed calling webhook \"ptpconfigvalidationwebhook.openshift.io\"\n2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates\n2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct\n2026352 - Kube-Scheduler revision-pruner fail during install of new cluster\n2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment\n2026383 - Error when rendering custom Grafana dashboard through ConfigMap\n2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation\n2026396 - Cachito Issues: sriov-network-operator Image build failure\n2026488 - openshift-controller-manager - delete event is repeating pathologically\n2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. \n2026560 - Cluster-version operator does not remove unrecognized volume mounts\n2026699 - fixed a bug with missing metadata\n2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator\n2026898 - Description/details are missing for Local Storage Operator\n2027132 - Use the specific icon for Fedora and CentOS template\n2027238 - \"Node Exporter / USE Method / Cluster\" CPU utilization graph shows incorrect legend\n2027272 - KubeMemoryOvercommit alert should be human readable\n2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group\n2027288 - Devfile samples can\u0027t be loaded after fixing it on Safari (redirect caching issue)\n2027299 - The status of checkbox component is not revealed correctly in code\n2027311 - K8s watch hooks do not work when fetching core resources\n2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation\n2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don\u0027t use the downstream images\n2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation\n2027498 - [IBMCloud] SG Name character length limitation\n2027501 - [4.10] Bootimage bump tracker\n2027524 - Delete Application doesn\u0027t delete Channels or Brokers\n2027563 - e2e/add-flow-ci.feature fix accessibility violations\n2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges\n2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions\n2027685 - openshift-cluster-csi-drivers pods crashing on PSI\n2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced\n2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string\n2027917 - No settings in hostfirmwaresettings and schema objects for masters\n2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf\n2027982 - nncp stucked at ConfigurationProgressing\n2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters\n2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed\n2028030 - Panic detected in cluster-image-registry-operator pod\n2028042 - Desktop viewer for Windows VM shows \"no Service for the RDP (Remote Desktop Protocol) can be found\"\n2028054 - Cloud controller manager operator can\u0027t get leader lease when upgrading from 4.8 up to 4.9\n2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin\n2028141 - Console tests doesn\u0027t pass on Node.js 15 and 16\n2028160 - Remove i18nKey in network-policy-peer-selectors.tsx\n2028162 - Add Sprint 210 translations\n2028170 - Remove leading and trailing whitespace\n2028174 - Add Sprint 210 part 2 translations\n2028187 - Console build doesn\u0027t pass on Node.js 16 because node-sass doesn\u0027t support it\n2028217 - Cluster-version operator does not default Deployment replicas to one\n2028240 - Multiple CatalogSources causing higher CPU use than necessary\n2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn\u0027t be set in HostFirmwareSettings\n2028325 - disableDrain should be set automatically on SNO\n2028484 - AWS EBS CSI driver\u0027s livenessprobe does not respect operator\u0027s loglevel\n2028531 - Missing netFilter to the list of parameters when platform is OpenStack\n2028610 - Installer doesn\u0027t retry on GCP rate limiting\n2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting\n2028695 - destroy cluster does not prune bootstrap instance profile\n2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs\n2028802 - CRI-O panic due to invalid memory address or nil pointer dereference\n2028816 - VLAN IDs not released on failures\n2028881 - Override not working for the PerformanceProfile template\n2028885 - Console should show an error context if it logs an error object\n2028949 - Masthead dropdown item hover text color is incorrect\n2028963 - Whereabouts should reconcile stranded IP addresses\n2029034 - enabling ExternalCloudProvider leads to inoperative cluster\n2029178 - Create VM with wizard - page is not displayed\n2029181 - Missing CR from PGT\n2029273 - wizard is not able to use if project field is \"All Projects\"\n2029369 - Cypress tests github rate limit errors\n2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out\n2029394 - missing empty text for hardware devices at wizard review\n2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used\n2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl\n2029521 - EFS CSI driver cannot delete volumes under load\n2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle\n2029579 - Clicking on an Application which has a Helm Release in it causes an error\n2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn\u0027t for HPE\n2029645 - Sync upstream 1.15.0 downstream\n2029671 - VM action \"pause\" and \"clone\" should be disabled while VM disk is still being importing\n2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip\n2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage\n2029785 - CVO panic when an edge is included in both edges and conditionaledges\n2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)\n2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error\n2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2030228 - Fix StorageSpec resources field to use correct API\n2030229 - Mirroring status card reflect wrong data\n2030240 - Hide overview page for non-privileged user\n2030305 - Export App job do not completes\n2030347 - kube-state-metrics exposes metrics about resource annotations\n2030364 - Shared resource CSI driver monitoring is not setup correctly\n2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets\n2030534 - Node selector/tolerations rules are evaluated too early\n2030539 - Prometheus is not highly available\n2030556 - Don\u0027t display Description or Message fields for alerting rules if those annotations are missing\n2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation\n2030574 - console service uses older \"service.alpha.openshift.io\" for the service serving certificates. \n2030677 - BOND CNI: There is no option to configure MTU on a Bond interface\n2030692 - NPE in PipelineJobListener.upsertWorkflowJob\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2030847 - PerformanceProfile API version should be v2\n2030961 - Customizing the OAuth server URL does not apply to upgraded cluster\n2031006 - Application name input field is not autofocused when user selects \"Create application\"\n2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex\n2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn\u0027t be started\n2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue\n2031057 - Topology sidebar for Knative services shows a small pod ring with \"0 undefined\" as tooltip\n2031060 - Failing CSR Unit test due to expired test certificate\n2031085 - ovs-vswitchd running more threads than expected\n2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2031502 - [RFE] New common templates crash the ui\n2031685 - Duplicated forward upstreams should be removed from the dns operator\n2031699 - The displayed ipv6 address of a dns upstream should be case sensitive\n2031797 - [RFE] Order and text of Boot source type input are wrong\n2031826 - CI tests needed to confirm driver-toolkit image contents\n2031831 - OCP Console - Global CSS overrides affecting dynamic plugins\n2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional\n2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)\n2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)\n2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself\n2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource\n2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64\n2032141 - open the alertrule link in new tab, got empty page\n2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy\n2032296 - Cannot create machine with ephemeral disk on Azure\n2032407 - UI will show the default openshift template wizard for HANA template\n2032415 - Templates page - remove \"support level\" badge and add \"support level\" column which should not be hard coded\n2032421 - [RFE] UI integration with automatic updated images\n2032516 - Not able to import git repo with .devfile.yaml\n2032521 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the aws_vpc_dhcp_options_association resource\n2032547 - hardware devices table have filter when table is empty\n2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool\n2032566 - Cluster-ingress-router does not support Azure Stack\n2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso\n2032589 - DeploymentConfigs ignore resolve-names annotation\n2032732 - Fix styling conflicts due to recent console-wide CSS changes\n2032831 - Knative Services and Revisions are not shown when Service has no ownerReference\n2032851 - Networking is \"not available\" in Virtualization Overview\n2032926 - Machine API components should use K8s 1.23 dependencies\n2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24\n2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster\n2033013 - Project dropdown in user preferences page is broken\n2033044 - Unable to change import strategy if devfile is invalid\n2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable\n2033111 - IBM VPC operator library bump removed global CLI args\n2033138 - \"No model registered for Templates\" shows on customize wizard\n2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected\n2033239 - [IPI on Alibabacloud] \u0027openshift-install\u0027 gets the wrong region (\u2018cn-hangzhou\u2019) selected\n2033257 - unable to use configmap for helm charts\n2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn\u2019t triggered\n2033290 - Product builds for console are failing\n2033382 - MAPO is missing machine annotations\n2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations\n2033403 - Devfile catalog does not show provider information\n2033404 - Cloud event schema is missing source type and resource field is using wrong value\n2033407 - Secure route data is not pre-filled in edit flow form\n2033422 - CNO not allowing LGW conversion from SGW in runtime\n2033434 - Offer darwin/arm64 oc in clidownloads\n2033489 - CCM operator failing on baremetal platform\n2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver\n2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains\n2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating \"cluster-infrastructure-02-config.yml\" status, which leads to bootstrap failed and all master nodes NotReady\n2033538 - Gather Cost Management Metrics Custom Resource\n2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined\n2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page\n2033634 - list-style-type: disc is applied to the modal dropdowns\n2033720 - Update samples in 4.10\n2033728 - Bump OVS to 2.16.0-33\n2033729 - remove runtime request timeout restriction for azure\n2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended\n2033749 - Azure Stack Terraform fails without Local Provider\n2033750 - Local volume should pull multi-arch image for kube-rbac-proxy\n2033751 - Bump kubernetes to 1.23\n2033752 - make verify fails due to missing yaml-patch\n2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource\n2034004 - [e2e][automation] add tests for VM snapshot improvements\n2034068 - [e2e][automation] Enhance tests for 4.10 downstream\n2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore\n2034097 - [OVN] After edit EgressIP object, the status is not correct\n2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning\n2034129 - blank page returned when clicking \u0027Get started\u0027 button\n2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0\n2034153 - CNO does not verify MTU migration for OpenShiftSDN\n2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled\n2034170 - Use function.knative.dev for Knative Functions related labels\n2034190 - unable to add new VirtIO disks to VMs\n2034192 - Prometheus fails to insert reporting metrics when the sample limit is met\n2034243 - regular user cant load template list\n2034245 - installing a cluster on aws, gcp always fails with \"Error: Incompatible provider version\"\n2034248 - GPU/Host device modal is too small\n2034257 - regular user `Create VM` missing permissions alert\n2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2034287 - do not block upgrades if we can\u0027t create storageclass in 4.10 in vsphere\n2034300 - Du validator policy is NonCompliant after DU configuration completed\n2034319 - Negation constraint is not validating packages\n2034322 - CNO doesn\u0027t pick up settings required when ExternalControlPlane topology\n2034350 - The CNO should implement the Whereabouts IP reconciliation cron job\n2034362 - update description of disk interface\n2034398 - The Whereabouts IPPools CRD should include the podref field\n2034409 - Default CatalogSources should be pointing to 4.10 index images\n2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics\n2034413 - cloud-network-config-controller fails to init with secret \"cloud-credentials\" not found in manual credential mode\n2034460 - Summary: cloud-network-config-controller does not account for different environment\n2034474 - Template\u0027s boot source is \"Unknown source\" before and after set enableCommonBootImageImport to true\n2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren\u0027t working properly\n2034493 - Change cluster version operator log level\n2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list\n2034527 - IPI deployment fails \u0027timeout reached while inspecting the node\u0027 when provisioning network ipv6\n2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer\n2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART\n2034537 - Update team\n2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds\n2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success\n2034577 - Current OVN gateway mode should be reflected on node annotation as well\n2034621 - context menu not popping up for application group\n2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10\n2034624 - Warn about unsupported CSI driver in vsphere operator\n2034647 - missing volumes list in snapshot modal\n2034648 - Rebase openshift-controller-manager to 1.23\n2034650 - Rebase openshift/builder to 1.23\n2034705 - vSphere: storage e2e tests logging configuration data\n2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. \n2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment\n2034785 - ptpconfig with summary_interval cannot be applied\n2034823 - RHEL9 should be starred in template list\n2034838 - An external router can inject routes if no service is added\n2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent\n2034879 - Lifecycle hook\u0027s name and owner shouldn\u0027t be allowed to be empty\n2034881 - Cloud providers components should use K8s 1.23 dependencies\n2034884 - ART cannot build the image because it tries to download controller-gen\n2034889 - `oc adm prune deployments` does not work\n2034898 - Regression in recently added Events feature\n2034957 - update openshift-apiserver to kube 1.23.1\n2035015 - ClusterLogForwarding CR remains stuck remediating forever\n2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster\n2035141 - [RFE] Show GPU/Host devices in template\u0027s details tab\n2035146 - \"kubevirt-plugin~PVC cannot be empty\" shows on add-disk modal while adding existing PVC\n2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting\n2035199 - IPv6 support in mtu-migration-dispatcher.yaml\n2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing\n2035250 - Peering with ebgp peer over multi-hops doesn\u0027t work\n2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices\n2035315 - invalid test cases for AWS passthrough mode\n2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env\n2035321 - Add Sprint 211 translations\n2035326 - [ExternalCloudProvider] installation with additional network on workers fails\n2035328 - Ccoctl does not ignore credentials request manifest marked for deletion\n2035333 - Kuryr orphans ports on 504 errors from Neutron\n2035348 - Fix two grammar issues in kubevirt-plugin.json strings\n2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets\n2035409 - OLM E2E test depends on operator package that\u0027s no longer published\n2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address\n2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to \u0027ecs-cn-hangzhou.aliyuncs.com\u0027 timeout, although the specified region is \u0027us-east-1\u0027\n2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster\n2035467 - UI: Queried metrics can\u0027t be ordered on Oberve-\u003eMetrics page\n2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers\n2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class\n2035602 - [e2e][automation] add tests for Virtualization Overview page cards\n2035703 - Roles -\u003e RoleBindings tab doesn\u0027t show RoleBindings correctly\n2035704 - RoleBindings list page filter doesn\u0027t apply\n2035705 - Azure \u0027Destroy cluster\u0027 get stuck when the cluster resource group is already not existing. \n2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed\n2035772 - AccessMode and VolumeMode is not reserved for customize wizard\n2035847 - Two dashes in the Cronjob / Job pod name\n2035859 - the output of opm render doesn\u0027t contain olm.constraint which is defined in dependencies.yaml\n2035882 - [BIOS setting values] Create events for all invalid settings in spec\n2035903 - One redundant capi-operator credential requests in \u201coc adm extract --credentials-requests\u201d\n2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen\n2035927 - Cannot enable HighNodeUtilization scheduler profile\n2035933 - volume mode and access mode are empty in customize wizard review tab\n2035969 - \"ip a \" shows \"Error: Peer netns reference is invalid\" after create test pods\n2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation\n2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error\n2036029 - New added cloud-network-config operator doesn\u2019t supported aws sts format credential\n2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend\n2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes\n2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23\n2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23\n2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments\n2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists\n2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected\n2036826 - `oc adm prune deployments` can prune the RC/RS\n2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform\n2036861 - kube-apiserver is degraded while enable multitenant\n2036937 - Command line tools page shows wrong download ODO link\n2036940 - oc registry login fails if the file is empty or stdout\n2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container\n2036989 - Route URL copy to clipboard button wraps to a separate line by itself\n2036990 - ZTP \"DU Done inform policy\" never becomes compliant on multi-node clusters\n2036993 - Machine API components should use Go lang version 1.17\n2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. \n2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api\n2037073 - Alertmanager container fails to start because of startup probe never being successful\n2037075 - Builds do not support CSI volumes\n2037167 - Some log level in ibm-vpc-block-csi-controller are hard code\n2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles\n2037182 - PingSource badge color is not matched with knativeEventing color\n2037203 - \"Running VMs\" card is too small in Virtualization Overview\n2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly\n2037237 - Add \"This is a CD-ROM boot source\" to customize wizard\n2037241 - default TTL for noobaa cache buckets should be 0\n2037246 - Cannot customize auto-update boot source\n2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately\n2037288 - Remove stale image reference\n2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources\n2037483 - Rbacs for Pods within the CBO should be more restrictive\n2037484 - Bump dependencies to k8s 1.23\n2037554 - Mismatched wave number error message should include the wave numbers that are in conflict\n2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]\n2037635 - impossible to configure custom certs for default console route in ingress config\n2037637 - configure custom certificate for default console route doesn\u0027t take effect for OCP \u003e= 4.8\n2037638 - Builds do not support CSI volumes as volume sources\n2037664 - text formatting issue in Installed Operators list table\n2037680 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037689 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037801 - Serverless installation is failing on CI jobs for e2e tests\n2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format\n2037856 - use lease for leader election\n2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10\n2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests\n2037904 - upgrade operator deployment failed due to memory limit too low for manager container\n2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]\n2038034 - non-privileged user cannot see auto-update boot source\n2038053 - Bump dependencies to k8s 1.23\n2038088 - Remove ipa-downloader references\n2038160 - The `default` project missed the annotation : openshift.io/node-selector: \"\"\n2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional\n2038196 - must-gather is missing collecting some metal3 resources\n2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)\n2038253 - Validator Policies are long lived\n2038272 - Failures to build a PreprovisioningImage are not reported\n2038384 - Azure Default Instance Types are Incorrect\n2038389 - Failing test: [sig-arch] events should not repeat pathologically\n2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket\n2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips\n2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained\n2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect\n2038663 - update kubevirt-plugin OWNERS\n2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via \"oc adm groups new\"\n2038705 - Update ptp reviewers\n2038761 - Open Observe-\u003eTargets page, wait for a while, page become blank\n2038768 - All the filters on the Observe-\u003eTargets page can\u0027t work\n2038772 - Some monitors failed to display on Observe-\u003eTargets page\n2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node\n2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard\n2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation\n2038864 - E2E tests fail because multi-hop-net was not created\n2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console\n2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured\n2038968 - Move feature gates from a carry patch to openshift/api\n2039056 - Layout issue with breadcrumbs on API explorer page\n2039057 - Kind column is not wide enough in API explorer page\n2039064 - Bulk Import e2e test flaking at a high rate\n2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled\n2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters\n2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost\n2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy\n2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator\n2039170 - [upgrade]Error shown on registry operator \"missing the cloud-provider-config configmap\" after upgrade\n2039227 - Improve image customization server parameter passing during installation\n2039241 - Improve image customization server parameter passing during installation\n2039244 - Helm Release revision history page crashes the UI\n2039294 - SDN controller metrics cannot be consumed correctly by prometheus\n2039311 - oc Does Not Describe Build CSI Volumes\n2039315 - Helm release list page should only fetch secrets for deployed charts\n2039321 - SDN controller metrics are not being consumed by prometheus\n2039330 - Create NMState button doesn\u0027t work in OperatorHub web console\n2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations\n2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. \n2039359 - `oc adm prune deployments` can\u0027t prune the RS where the associated Deployment no longer exists\n2039382 - gather_metallb_logs does not have execution permission\n2039406 - logout from rest session after vsphere operator sync is finished\n2039408 - Add GCP region northamerica-northeast2 to allowed regions\n2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration\n2039425 - No need to set KlusterletAddonConfig CR applicationManager-\u003eenabled: true in RAN ztp deployment\n2039491 - oc - git:// protocol used in unit tests\n2039516 - Bump OVN to ovn21.12-21.12.0-25\n2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate\n2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled\n2039541 - Resolv-prepender script duplicating entries\n2039586 - [e2e] update centos8 to centos stream8\n2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty\n2039619 - [AWS] In tree provisioner storageclass aws disk type should contain \u0027gp3\u0027 and csi provisioner storageclass default aws disk type should be \u0027gp3\u0027\n2039670 - Create PDBs for control plane components\n2039678 - Page goes blank when create image pull secret\n2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported\n2039743 - React missing key warning when open operator hub detail page (and maybe others as well)\n2039756 - React missing key warning when open KnativeServing details\n2039770 - Observe dashboard doesn\u0027t react on time-range changes after browser reload when perspective is changed in another tab\n2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard\n2039781 - [GSS] OBC is not visible by admin of a Project on Console\n2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector\n2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled\n2039880 - Log level too low for control plane metrics\n2039919 - Add E2E test for router compression feature\n2039981 - ZTP for standard clusters installs stalld on master nodes\n2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead\n2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced\n2040143 - [IPI on Alibabacloud] suggest to remove region \"cn-nanjing\" or provide better error message\n2040150 - Update ConfigMap keys for IBM HPCS\n2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth\n2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository\n2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp\n2040376 - \"unknown instance type\" error for supported m6i.xlarge instance\n2040394 - Controller: enqueue the failed configmap till services update\n2040467 - Cannot build ztp-site-generator container image\n2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn\u0027t take affect in OpenShift 4\n2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps\n2040535 - Auto-update boot source is not available in customize wizard\n2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name\n2040603 - rhel worker scaleup playbook failed because missing some dependency of podman\n2040616 - rolebindings page doesn\u0027t load for normal users\n2040620 - [MAPO] Error pulling MAPO image on installation\n2040653 - Topology sidebar warns that another component is updated while rendering\n2040655 - User settings update fails when selecting application in topology sidebar\n2040661 - Different react warnings about updating state on unmounted components when leaving topology\n2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation\n2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi\n2040694 - Three upstream HTTPClientConfig struct fields missing in the operator\n2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers\n2040710 - cluster-baremetal-operator cannot update BMC subscription CR\n2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms\n2040782 - Import YAML page blocks input with more then one generateName attribute\n2040783 - The Import from YAML summary page doesn\u0027t show the resource name if created via generateName attribute\n2040791 - Default PGT policies must be \u0027inform\u0027 to integrate with the Lifecycle Operator\n2040793 - Fix snapshot e2e failures\n2040880 - do not block upgrades if we can\u0027t connect to vcenter\n2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10\n2041093 - autounattend.xml missing\n2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates\n2041319 - [IPI on Alibabacloud] installation in region \"cn-shanghai\" failed, due to \"Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped\"\n2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23\n2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller\n2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener\n2041441 - Provision volume with size 3000Gi even if sizeRange: \u0027[10-2000]GiB\u0027 in storageclass on IBM cloud\n2041466 - Kubedescheduler version is missing from the operator logs\n2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses\n2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)\n2041492 - Spacing between resources in inventory card is too small\n2041509 - GCP Cloud provider components should use K8s 1.23 dependencies\n2041510 - cluster-baremetal-operator doesn\u0027t run baremetal-operator\u0027s subscription webhook\n2041541 - audit: ManagedFields are dropped using API not annotation\n2041546 - ovnkube: set election timer at RAFT cluster creation time\n2041554 - use lease for leader election\n2041581 - KubeDescheduler operator log shows \"Use of insecure cipher detected\"\n2041583 - etcd and api server cpu mask interferes with a guaranteed workload\n2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure\n2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation\n2041620 - bundle CSV alm-examples does not parse\n2041641 - Fix inotify leak and kubelet retaining memory\n2041671 - Delete templates leads to 404 page\n2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category\n2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled\n2041750 - [IPI on Alibabacloud] trying \"create install-config\" with region \"cn-wulanchabu (China (Ulanqab))\" (or \"ap-southeast-6 (Philippines (Manila))\", \"cn-guangzhou (China (Guangzhou))\") failed due to invalid endpoint\n2041763 - The Observe \u003e Alerting pages no longer have their default sort order applied\n2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken\n2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied\n2041882 - cloud-network-config operator can\u0027t work normal on GCP workload identity cluster\n2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases\n2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist\n2041971 - [vsphere] Reconciliation of mutating webhooks didn\u0027t happen\n2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile\n2041999 - [PROXY] external dns pod cannot recognize custom proxy CA\n2042001 - unexpectedly found multiple load balancers\n2042029 - kubedescheduler fails to install completely\n2042036 - [IBMCLOUD] \"openshift-install explain installconfig.platform.ibmcloud\" contains not yet supported custom vpc parameters\n2042049 - Seeing warning related to unrecognized feature gate in kubescheduler \u0026 KCM logs\n2042059 - update discovery burst to reflect lots of CRDs on openshift clusters\n2042069 - Revert toolbox to rhcos-toolbox\n2042169 - Can not delete egressnetworkpolicy in Foreground propagation\n2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2042265 - [IBM]\"--scale-down-utilization-threshold\" doesn\u0027t work on IBMCloud\n2042274 - Storage API should be used when creating a PVC\n2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection\n2042366 - Lifecycle hooks should be independently managed\n2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway\n2042382 - [e2e][automation] CI takes more then 2 hours to run\n2042395 - Add prerequisites for active health checks test\n2042438 - Missing rpms in openstack-installer image\n2042466 - Selection does not happen when switching from Topology Graph to List View\n2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver\n2042567 - insufficient info on CodeReady Containers configuration\n2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk\n2042619 - Overview page of the console is broken for hypershift clusters\n2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running\n2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud\n2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud\n2042770 - [IPI on Alibabacloud] with vpcID \u0026 vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly\n2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)\n2042851 - Create template from SAP HANA template flow - VM is created instead of a new template\n2042906 - Edit machineset with same machine deletion hook name succeed\n2042960 - azure-file CI fails with \"gid(0) in storageClass and pod fsgroup(1000) are not equal\"\n2043003 - [IPI on Alibabacloud] \u0027destroy cluster\u0027 of a failed installation (bug2041694) stuck after \u0027stage=Nat gateways\u0027\n2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2043043 - Cluster Autoscaler should use K8s 1.23 dependencies\n2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)\n2043078 - Favorite system projects not visible in the project selector after toggling \"Show default projects\". \n2043117 - Recommended operators links are erroneously treated as external\n2043130 - Update CSI sidecars to the latest release for 4.10\n2043234 - Missing validation when creating several BGPPeers with the same peerAddress\n2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler\n2043254 - crio does not bind the security profiles directory\n2043296 - Ignition fails when reusing existing statically-keyed LUKS volume\n2043297 - [4.10] Bootimage bump tracker\n2043316 - RHCOS VM fails to boot on Nutanix AOS\n2043446 - Rebase aws-efs-utils to the latest upstream version. \n2043556 - Add proper ci-operator configuration to ironic and ironic-agent images\n2043577 - DPU network operator\n2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator\n2043675 - Too many machines deleted by cluster autoscaler when scaling down\n2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation\n2043709 - Logging flags no longer being bound to command line\n2043721 - Installer bootstrap hosts using outdated kubelet containing bugs\n2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather\n2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23\n2043780 - Bump router to k8s.io/api 1.23\n2043787 - Bump cluster-dns-operator to k8s.io/api 1.23\n2043801 - Bump CoreDNS to k8s.io/api 1.23\n2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown\n2043961 - [OVN-K] If pod creation fails, retry doesn\u0027t work as expected. \n2044201 - Templates golden image parameters names should be supported\n2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]\n2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter \u201ccsi.storage.k8s.io/fstype\u201d create pvc,pod successfully but write data to the pod\u0027s volume failed of \"Permission denied\"\n2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects\n2044347 - Bump to kubernetes 1.23.3\n2044481 - collect sharedresource cluster scoped instances with must-gather\n2044496 - Unable to create hardware events subscription - failed to add finalizers\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2044680 - Additional libovsdb performance and resource consumption fixes\n2044704 - Observe \u003e Alerting pages should not show runbook links in 4.10\n2044717 - [e2e] improve tests for upstream test environment\n2044724 - Remove namespace column on VM list page when a project is selected\n2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff\n2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD\n2045024 - CustomNoUpgrade alerts should be ignored\n2045112 - vsphere-problem-detector has missing rbac rules for leases\n2045199 - SnapShot with Disk Hot-plug hangs\n2045561 - Cluster Autoscaler should use the same default Group value as Cluster API\n2045591 - Reconciliation of aws pod identity mutating webhook did not happen\n2045849 - Add Sprint 212 translations\n2045866 - MCO Operator pod spam \"Error creating event\" warning messages in 4.10\n2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin\n2045916 - [IBMCloud] Default machine profile in installer is unreliable\n2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment\n2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify\n2046137 - oc output for unknown commands is not human readable\n2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance\n2046297 - Bump DB reconnect timeout\n2046517 - In Notification drawer, the \"Recommendations\" header shows when there isn\u0027t any recommendations\n2046597 - Observe \u003e Targets page may show the wrong service monitor is multiple monitors have the same namespace \u0026 label selectors\n2046626 - Allow setting custom metrics for Ansible-based Operators\n2046683 - [AliCloud]\"--scale-down-utilization-threshold\" doesn\u0027t work on AliCloud\n2047025 - Installation fails because of Alibaba CSI driver operator is degraded\n2047190 - Bump Alibaba CSI driver for 4.10\n2047238 - When using communities and localpreferences together, only localpreference gets applied\n2047255 - alibaba: resourceGroupID not found\n2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions\n2047317 - Update HELM OWNERS files under Dev Console\n2047455 - [IBM Cloud] Update custom image os type\n2047496 - Add image digest feature\n2047779 - do not degrade cluster if storagepolicy creation fails\n2047927 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047929 - use lease for leader election\n2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2048046 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2048048 - Application tab in User Preferences dropdown menus are too wide. \n2048050 - Topology list view items are not highlighted on keyboard navigation\n2048117 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2048413 - Bond CNI: Failed to attach Bond NAD to pod\n2048443 - Image registry operator panics when finalizes config deletion\n2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2048598 - Web terminal view is broken\n2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2048891 - Topology page is crashed\n2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2049043 - Cannot create VM from template\n2049156 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2049886 - Placeholder bug for OCP 4.10.0 metadata release\n2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050227 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members\n2050310 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2050370 - alert data for burn budget needs to be updated to prevent regression\n2050393 - ZTP missing support for local image registry and custom machine config\n2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2050737 - Remove metrics and events for master port offsets\n2050801 - Vsphere upi tries to access vsphere during manifests generation phase\n2050883 - Logger object in LSO does not log source location accurately\n2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n2052062 - Whereabouts should implement client-go 1.22+\n2052125 - [4.10] Crio appears to be coredumping in some scenarios\n2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052598 - kube-scheduler should use configmap lease\n2052599 - kube-controller-manger should use configmap lease\n2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch\n2052756 - [4.10] PVs are not being cleaned up after PVC deletion\n2053175 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2053218 - ImagePull fails with error \"unable to pull manifest from example.com/busy.box:v5 invalid reference format\"\n2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2053268 - inability to detect static lifecycle failure\n2053314 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053323 - OpenShift-Ansible BYOH Unit Tests are Broken\n2053339 - Remove dev preview badge from IBM FlashSystem deployment windows\n2053751 - ztp-site-generate container is missing convenience entrypoint\n2053945 - [4.10] Failed to apply sriov policy on intel nics\n2054109 - Missing \"app\" label\n2054154 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2054244 - Latest pipeline run should be listed on the top of the pipeline run list\n2054288 - console-master-e2e-gcp-console is broken\n2054562 - DPU network operator 4.10 branch need to sync with master\n2054897 - Unable to deploy hw-event-proxy operator\n2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2055371 - Remove Check which enforces summary_interval must match logSyncInterval\n2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API\n2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2056479 - ovirt-csi-driver-node pods are crashing intermittently\n2056572 - reconcilePrecaching error: cannot list resource \"clusterserviceversions\" in API group \"operators.coreos.com\" at the cluster scope\"\n2056629 - [4.10] EFS CSI driver can\u0027t unmount volumes with \"wait: no child processes\"\n2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2056948 - post 1.23 rebase: regression in service-load balancer reliability\n2057438 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2057721 - Fix Proxy support in RHACM 2.4.2\n2057724 - Image creation fails when NMstateConfig CR is empty\n2058641 - [4.10] Pod density test causing problems when using kube-burner\n2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060956 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3577\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.com/security/cve/CVE-2020-25677\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27781\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21684\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-39226\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43813\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0532\nhttps://access.redhat.com/security/cve/CVE-2022-21673\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL\n0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne\neGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM\nCEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF\naDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC\nY/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp\nsQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO\nRDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN\nrs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry\nbSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z\n7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT\nb5PUYUBIZLc=\n=GUDA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless\nOperator. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5. Description:\n\nService Telemetry Framework (STF) provides automated collection of\nmeasurements and data from remote clients, such as Red Hat OpenStack\nPlatform or third-party nodes. STF then transmits the information to a\ncentralized, receiving Red Hat OpenShift Container Platform (OCP)\ndeployment for storage, retrieval, and monitoring. \nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "PACKETSTORM",
"id": "168011"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-25013",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-10",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162634",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161254",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166279",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164192",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168011",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163789",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163747",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162837",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163406",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0868",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6426",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2228",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0875",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0728",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0743",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2711",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1866",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3141",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4058",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1820",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5140",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1743",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4222",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2365",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2781",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031430",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071310",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070604",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122914",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092220",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-25013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"id": "VAR-202101-0119",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43806562
},
"last_update_date": "2024-07-23T19:27:48.072000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug\u00a024973 NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "GNU C Library Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=138312"
},
{
"title": "Debian CVElist Bug Report Logs: glibc: CVE-2019-25013",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7073abdc63eae799f90555726b8fbe41"
},
{
"title": "Red Hat: Moderate: glibc security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210348 - security advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1599",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1599"
},
{
"title": "Ubuntu Security Notice: USN-5768-1: GNU C Library vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5768-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-25013 log"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1511",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1511"
},
{
"title": "Arch Linux Advisories: [ASA-202102-18] glibc: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202102-18"
},
{
"title": "Arch Linux Advisories: [ASA-202102-17] lib32-glibc: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202102-17"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1605",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1605"
},
{
"title": "Ubuntu Security Notice: USN-5310-1: GNU C Library vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5310-1"
},
{
"title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225924 - security advisory"
},
{
"title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-25013 "
},
{
"title": "ecr-api",
"trust": 0.1,
"url": "https://github.com/yalespinup/ecr-api "
},
{
"title": "sanction",
"trust": 0.1,
"url": "https://github.com/ctc-oss/sanction "
},
{
"title": "release-the-code-litecoin",
"trust": 0.1,
"url": "https://github.com/brandoncamenisch/release-the-code-litecoin "
},
{
"title": "interview_project",
"trust": 0.1,
"url": "https://github.com/domyrtille/interview_project "
},
{
"title": "trivy-multiscanner",
"trust": 0.1,
"url": "https://github.com/onzack/trivy-multiscanner "
},
{
"title": "spring-boot-app-with-log4j-vuln",
"trust": 0.1,
"url": "https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln "
},
{
"title": "giant-squid",
"trust": 0.1,
"url": "https://github.com/dispera/giant-squid "
},
{
"title": "devops-demo",
"trust": 0.1,
"url": "https://github.com/epequeno/devops-demo "
},
{
"title": "spring-boot-app-using-gradle",
"trust": 0.1,
"url": "https://github.com/nedenwalker/spring-boot-app-using-gradle "
},
{
"title": "xyz-solutions",
"trust": 0.1,
"url": "https://github.com/sauliuspr/xyz-solutions "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"trust": 1.6,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4y6tx47p47kabsfol26fldnvcwxdkdez/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tvcunlq3hxgs4vpuqkwtjgraw2ktfgxs/"
},
{
"trust": 1.0,
"url": "https://sourceware.org/git/?p=glibc.git%3ba=commit%3bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99464755/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-10"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tvcunlq3hxgs4vpuqkwtjgraw2ktfgxs/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4y6tx47p47kabsfol26fldnvcwxdkdez/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168011/red-hat-security-advisory-2022-5924-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163789/red-hat-security-advisory-2021-3119-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1743"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1820"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071310"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163747/red-hat-security-advisory-2021-3016-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0373/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031430"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166279/red-hat-security-advisory-2022-0056-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122914"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162634/red-hat-security-advisory-2021-1585-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0875"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/glibc-out-of-bounds-memory-reading-via-iconv-euc-kr-encoding-34360"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0728"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0743"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0868"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011038"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161254/red-hat-security-advisory-2021-0348-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070604"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4222"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163406/gentoo-linux-security-advisory-202107-07.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6426"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30761"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9952"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30666"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1585"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2705"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25660"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3421"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3703"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"date": "2021-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"date": "2021-05-19T13:59:56",
"db": "PACKETSTORM",
"id": "162634"
},
{
"date": "2021-06-23T16:08:25",
"db": "PACKETSTORM",
"id": "163267"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-07-14T15:02:07",
"db": "PACKETSTORM",
"id": "163496"
},
{
"date": "2021-02-02T16:12:10",
"db": "PACKETSTORM",
"id": "161254"
},
{
"date": "2022-03-11T16:38:38",
"db": "PACKETSTORM",
"id": "166279"
},
{
"date": "2021-09-17T16:04:56",
"db": "PACKETSTORM",
"id": "164192"
},
{
"date": "2022-08-09T14:36:05",
"db": "PACKETSTORM",
"id": "168011"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"date": "2021-01-04T18:15:13.027000",
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"date": "2023-06-16T05:32:00",
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"date": "2023-11-09T14:44:33.733000",
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168011"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU\u00a0C\u00a0Library\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
],
"trust": 0.6
}
}