Recent vulnerabilities

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
ghsa-jgm3-v9g7-rfc3 (github)	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak d...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-j78r-hv87-26mj (github)	In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined beh...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-h3mh-rq8w-j65m (github)	In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not ...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-f76m-q4g4-c63m (github)	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ulist leaks in er...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-8p4q-63f6-rqfp (github)	In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory l...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-8p4g-7vvj-g5r6 (github)	In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory l...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-8fmx-5gmc-pfcw (github)	In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-7m6j-5mcx-6jmq (github)	In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_rou...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-6xrp-v9gf-f7mv (github)	In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-6mfv-xmmj-jgwf (github)	In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_a...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-52fr-53gv-g23j (github)	In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix keyring memory ...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-4pmq-325h-rx32 (github)	In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset s...	2025-05-01T15:31:52Z	2025-05-01T15:31:52Z
ghsa-xxgf-mjgq-w636 (github)	In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix poss...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-wxgf-7f8j-hr6j (github)	In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential ...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-w9wh-q8v9-3rwf (github)	In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL ...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-w77p-v2rp-vmv8 (github)	In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe r...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-vq36-qmwm-crh2 (github)	In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer over...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-vm29-jh4p-x8cp (github)	In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix decoder allo...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-v832-47wf-r9vp (github)	In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_...	2025-05-01T15:31:50Z	2025-05-01T15:31:51Z
ghsa-p39f-f66f-x437 (github)	In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory le...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-h8g4-6mrj-mfm8 (github)	In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk...	2025-05-01T15:31:50Z	2025-05-01T15:31:51Z
ghsa-fw2p-r2v5-6jjq (github)	In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory l...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-crgv-wqmc-m2wr (github)	In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to cons...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-c8r4-j2q4-mjgj (github)	In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix NULL pointer de...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-c2p4-prc5-v3mc (github)	In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region l...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-8ww3-pfqc-q6wm (github)	In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad config...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-8w66-gh7h-jgjh (github)	In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix region HPA o...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-82pr-9mpc-vgv5 (github)	In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when dire...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-6qgr-97mx-84hr (github)	In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_d...	2025-05-01T15:31:51Z	2025-05-01T15:31:51Z
ghsa-5q7j-4fw2-f268 (github)	In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: fix possible me...	2025-05-01T15:31:50Z	2025-05-01T15:31:51Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS Base Score	Description	Vendor	Product	Publish Date	Update Date
cve-2023-26068 (NVD)	N/A	Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).	n/a	n/a	2023-04-10T00:00:00.000Z	2025-05-05T16:04:52.135Z
cve-2025-45322 (NVD)	N/A	kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.	n/a	n/a	2025-05-05T00:00:00.000Z	2025-05-05T16:04:37.287Z
cve-2023-26242 (NVD)	N/A	afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.	n/a	n/a	2023-02-21T00:00:00.000Z	2025-05-05T16:04:37.489Z
cve-2023-26544 (NVD)	N/A	In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.	n/a	n/a	2023-02-25T00:00:00.000Z	2025-05-05T16:04:24.668Z
cve-2022-43084 (NVD)	N/A	A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T16:04:19.769Z
cve-2023-26605 (NVD)	N/A	In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.	n/a	n/a	2023-02-26T00:00:00.000Z	2025-05-05T16:04:13.582Z
cve-2023-26606 (NVD)	N/A	In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.	n/a	n/a	2023-02-26T00:00:00.000Z	2025-05-05T16:04:03.743Z
cve-2023-26607 (NVD)	N/A	In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.	n/a	n/a	2023-02-26T00:00:00.000Z	2025-05-05T16:03:55.164Z
cve-2023-26609 (NVD)	N/A	ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.	n/a	n/a	2023-02-27T00:00:00.000Z	2025-05-05T16:03:46.043Z
cve-2023-26801 (NVD)	N/A	LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.	n/a	n/a	2023-03-26T00:00:00.000Z	2025-05-05T16:03:35.752Z
cve-2023-26802 (NVD)	N/A	An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request.	n/a	n/a	2023-03-26T00:00:00.000Z	2025-05-05T16:03:26.623Z
cve-2025-28062 (NVD)	N/A	A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections.	n/a	n/a	2025-05-05T00:00:00.000Z	2025-05-05T16:03:23.835Z
cve-2023-27076 (NVD)	N/A	Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.	n/a	n/a	2023-04-10T00:00:00.000Z	2025-05-05T16:03:16.372Z
cve-2023-27167 (NVD)	N/A	Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.	n/a	n/a	2023-03-29T00:00:00.000Z	2025-05-05T16:03:07.291Z
cve-2023-28005 (NVD)	N/A	A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows� Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone.	Trend Micro, Inc.	Trend Micro Endpoint Encryption Full Disk Encryption	2023-03-14T21:51:21.908Z	2025-05-05T16:02:55.834Z
cve-2023-28323 (NVD)	N/A	A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.	Ivanti	Ivanti Endpoint Manager	2023-06-30T23:40:30.788Z	2025-05-05T16:02:45.196Z
cve-2025-27920 (NVD)	N/A	Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.	n/a	n/a	2025-05-05T00:00:00.000Z	2025-05-05T16:02:33.428Z
cve-2023-28466 (NVD)	N/A	do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).	n/a	n/a	2023-03-15T00:00:00.000Z	2025-05-05T16:02:32.757Z
cve-2023-28500 (NVD)	N/A	A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle application, and the use of Java environments 7u21 and earlier. The code execution is performed in the context of the account that is running the Adobe LiveCycle application. If the account is privileged, exploitation provides privileged access to the operating system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	n/a	n/a	2023-04-06T00:00:00.000Z	2025-05-05T16:02:22.589Z
cve-2023-28772 (NVD)	N/A	An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.	n/a	n/a	2023-03-23T00:00:00.000Z	2025-05-05T16:02:12.798Z
cve-2022-43085 (NVD)	N/A	An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T16:02:09.893Z
cve-2023-28866 (NVD)	N/A	In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.	n/a	n/a	2023-03-27T00:00:00.000Z	2025-05-05T16:02:01.482Z
cve-2023-29059 (NVD)	N/A	3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.	n/a	n/a	2023-03-30T00:00:00.000Z	2025-05-05T16:01:52.444Z
cve-2023-29468 (NVD)	N/A	The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.	n/a	n/a	2023-08-14T00:00:00.000Z	2025-05-05T16:01:41.374Z
cve-2023-2008 (NVD)	N/A	A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.	n/a	Linux kernel udmabuf device driver	2023-04-14T00:00:00.000Z	2025-05-05T16:01:30.708Z
cve-2023-2176 (NVD)	N/A	A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.	n/a	Kernel	2023-04-20T00:00:00.000Z	2025-05-05T16:01:21.860Z
cve-2023-2362 (NVD)	N/A	Multiple Plugins from Wow-Company - Reflected XSS	Unknown Unknown Unknown Unknown Unknown Unknown Unknown Unknown Unknown Unknown Unknown Unknown	Float menu Bubble Menu Button Generator Calculator Builder Counter Box Floating Button Herd Effects Popup Box Side Menu Lite Sticky Buttons Wow Skype Buttons WP Coder	2023-06-12T17:28:22.661Z	2025-05-05T16:01:12.174Z
cve-2023-2721 (NVD)	N/A	Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)	Google	Chrome	2023-05-16T18:45:33.757Z	2025-05-05T16:01:00.512Z
cve-2022-43086 (NVD)	N/A	Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T16:01:00.416Z
cve-2023-2722 (NVD)	N/A	Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	Google	Chrome	2023-05-16T18:45:33.967Z	2025-05-05T16:00:48.950Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS Base Score	Description	Vendor	Product	Publish Date	Update Date
cve-2023-21266 (NVD)	N/A	In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.	Google	Android	2023-10-06T18:48:40.618Z	2025-05-05T14:59:28.865Z
cve-2022-44542 (NVD)	N/A	lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T14:18:56.012Z
cve-2022-43990 (NVD)	N/A	Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal).	n/a	SICK SIM1012	2022-11-01T00:00:00.000Z	2025-05-05T14:21:57.920Z
cve-2022-43989 (NVD)	N/A	Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal).	n/a	SICK SIM2x00 (ARM)	2022-11-01T00:00:00.000Z	2025-05-05T14:22:58.312Z
cve-2022-43362 (NVD)	N/A	Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T14:25:03.498Z
cve-2022-43361 (NVD)	N/A	Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T14:26:22.348Z
cve-2022-43241 (NVD)	N/A	Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.	n/a	n/a	2022-11-02T00:00:00.000Z	2025-05-05T14:48:23.890Z
cve-2022-43240 (NVD)	N/A	Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.	n/a	n/a	2022-11-02T00:00:00.000Z	2025-05-05T14:49:46.770Z
cve-2022-43127 (NVD)	N/A	Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T14:28:28.813Z
cve-2022-43083 (NVD)	N/A	An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T14:29:24.793Z
cve-2022-43082 (NVD)	N/A	A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T14:32:05.525Z
cve-2022-43081 (NVD)	N/A	Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php.	n/a	n/a	2022-11-01T00:00:00.000Z	2025-05-05T14:34:48.391Z
cve-2022-3499 (NVD)	N/A	An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.	n/a	Tenable Nessus	2022-10-31T00:00:00.000Z	2025-05-05T14:19:19.466Z
cve-2022-32888 (NVD)	N/A	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.	Apple Apple Apple Apple Apple Apple Apple	macOS macOS macOS macOS watchOS watchOS watchOS	2022-11-01T00:00:00.000Z	2025-05-05T15:01:09.370Z
cve-2024-38882 (NVD)	N/A	An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.	n/a	n/a	2024-08-02T00:00:00	2024-08-07T15:28:21.567300
cve-2024-25849 (NVD)	N/A	In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .	n/a	n/a	2024-03-08T00:00:00.000Z	2025-04-16T15:51:24.220Z
cve-2024-25848 (NVD)	N/A	In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.	n/a	n/a	2024-03-08T00:00:00	2024-11-14T20:06:51.432Z
cve-2024-25845 (NVD)	N/A	In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.	n/a	n/a	2024-03-08T00:00:00	2024-08-27T19:50:28.017Z
cve-2024-25847 (NVD)	N/A	SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.	n/a	n/a	2024-03-03T00:00:00.000Z	2025-04-16T16:03:50.297Z
cve-2024-27515 (NVD)	N/A	Osclass 5.1.2 is vulnerable to SQL Injection.	n/a	n/a	2024-02-28T00:00:00	2024-08-05T17:33:03.898Z
cve-2025-47268 (NVD)		ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.	iputils	iputils	2025-05-05T00:00:00.000Z	2025-05-05T13:24:37.998Z
cve-2025-4316 (NVD)	N/A	Improper access control in PAM feature in Devolutions Server 2025.1.6.0 and earlier allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions.	Devolutions	Server	2025-05-05T14:00:50.110Z	2025-05-05T14:00:50.110Z
cve-2025-45751 (NVD)	N/A	SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.	n/a	n/a	2025-05-05T00:00:00.000Z	2025-05-05T13:41:29.826Z
cve-2025-3928 (NVD)		Commvault Web Server unspecified vulnerability	Commvault	Web Server	2025-04-25T15:56:28.112Z	2025-05-05T13:34:41.408Z
cve-2025-3155 (NVD)	CVSS-v3.1: 7.4	Yelp: arbitrary file read	Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9	2025-04-03T13:34:18.878Z	2025-05-05T13:52:40.301Z
cve-2025-28168 (NVD)	N/A	Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted File Upload. The vulnerability is because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify the parameter to bypass extension restrictions and upload arbitrary files.	n/a	n/a	2025-05-05T00:00:00.000Z	2025-05-05T13:21:46.662Z
cve-2025-27007 (NVD)	CVSS-v3.1: 9.8	WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability	Brainstorm Force	SureTriggers	2025-05-01T10:54:56.209Z	2025-05-05T17:09:59.911Z
cve-2023-32005 (NVD)	N/A	A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.	NodeJS	Node	2023-09-12T01:36:55.851Z	2025-05-05T13:56:50.265Z
cve-2022-43995 (NVD)	N/A	Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.	n/a	n/a	2022-11-02T00:00:00.000Z	2025-05-05T13:45:19.142Z
cve-2022-43245 (NVD)	N/A	Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.	n/a	n/a	2022-11-02T00:00:00.000Z	2025-05-05T13:48:53.727Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
pysec-2024-52	lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algor...	2024-06-09T19:15:00+00:00	2024-06-09T21:20:21.309692+00:00
pysec-2024-51	A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low p...	2024-05-16T09:15:00+00:00	2024-05-16T11:19:52.866536+00:00
pysec-2024-50	Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing ...	2024-04-23T18:15:00+00:00	2024-04-23T21:18:51.688096+00:00
pysec-2023-260	A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, spec...	2023-12-07T05:15:00+00:00	2024-04-16T15:20:55.191003+00:00
pysec-2024-49	Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed ...	2024-03-27T06:15:00+00:00	2024-03-27T11:18:36.506150+00:00
pysec-2024-48	Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Servic...	2024-03-19T05:15:00+00:00	2024-03-19T11:18:50.379002+00:00
pysec-2024-47	In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Trunc...	2024-03-15T20:15:00+00:00	2024-03-15T23:20:34.975097+00:00
pysec-2024-46	Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated us...	2024-03-14T09:15:00+00:00	2024-03-14T11:19:09.515892+00:00
pysec-2024-45	LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the fi...	2024-03-04T00:15:00+00:00	2024-03-13T23:20:07.486731+00:00
pysec-2024-44	In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for...	2024-03-12T16:15:00+00:00	2024-03-12T19:19:21.886478+00:00
pysec-2024-43	LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the fi...	2024-03-04T00:15:00+00:00	2024-03-05T10:22:15.555734+00:00
pysec-2024-42	Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and View...	2024-03-01T11:15:00+00:00	2024-03-01T14:20:34.498842+00:00
pysec-2023-259	A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-pr...	2023-12-29T05:15:00+00:00	2024-02-29T07:20:31.851255+00:00
pysec-2023-258	A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-pr...	2023-12-29T05:15:00+00:00	2024-02-29T07:20:31.721783+00:00
pysec-2023-257	A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-pr...	2023-12-29T05:15:00+00:00	2024-02-29T07:20:31.603749+00:00
pysec-2023-256	A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-pr...	2023-12-29T05:15:00+00:00	2024-02-29T07:20:31.464203+00:00
pysec-2023-255	Command Injection in GitHub repository gradio-app/gradio prior to main.	2023-12-14T14:15:00+00:00	2024-02-28T16:22:37.359017+00:00
pysec-2024-41	diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents...	2024-02-27T02:15:00+00:00	2024-02-27T07:20:27.954412+00:00
pysec-2024-40	orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.	2024-02-26T16:28:00+00:00	2024-02-26T18:22:26.039698+00:00
pysec-2024-39	Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on...	2024-02-24T05:15:00+00:00	2024-02-24T07:19:09.418536+00:00
pysec-2023-254	cryptography is a package designed to expose cryptographic primitives and recipes to Python devel...	2023-11-29T19:15:00+00:00	2024-02-17T07:18:27.688636+00:00
pysec-2024-38	FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints...	2024-02-05T15:15:00+00:00	2024-02-16T18:22:32.607118+00:00
pysec-2024-37	nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This securi...	2024-02-09T23:15:00+00:00	2024-02-16T16:22:37.389642+00:00
pysec-2022-43059	AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of ...	2022-06-23T17:15:00Z	2024-02-16T13:47:54.655573Z
pysec-2024-36	An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_...	2024-02-06T12:15:00+00:00	2024-02-14T07:20:09.911618+00:00
pysec-2023-253	Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.	2023-12-15T01:15:00+00:00	2024-02-14T00:26:12.242703+00:00
pysec-2024-35	Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core...	2024-02-02T05:15:00+00:00	2024-02-10T07:18:43.563257+00:00
pysec-2024-12	LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in N...	2024-01-22T01:15:00Z	2024-02-10T01:22:25.611009Z
pysec-2024-34	The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federate...	2024-01-30T16:15:00+00:00	2024-02-08T20:20:16.896186+00:00
pysec-2024-33	The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federate...	2024-01-30T16:15:00+00:00	2024-02-08T20:20:16.842528+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
gsd-2024-33523	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33522	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33521	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33520	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33519	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33518	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33517	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33516	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33515	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33514	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33513	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33512	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33511	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33510	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33509	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33508	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33507	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33506	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33505	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33504	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33503	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33502	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33501	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33500	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33499	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33498	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33497	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33496	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33495	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33494	The format of the source doesn't require a description, click on the link for more details

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
mal-2024-8616	Malicious code in @diotoborg/rerum-mollitia (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8606	Malicious code in @diotoborg/repellat-blanditiis-quis (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8593	Malicious code in @diotoborg/recusandae-impedit (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8571	Malicious code in @diotoborg/quis-soluta-nesciunt (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8566	Malicious code in @diotoborg/quis-dolor-laborum (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8552	Malicious code in @diotoborg/qui-at (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8541	Malicious code in @diotoborg/quaerat-dicta (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8516	Malicious code in @diotoborg/perspiciatis-blanditiis (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8505	Malicious code in @diotoborg/officiis-ratione-facilis (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8462	Malicious code in @diotoborg/nihil-eveniet-quisquam (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8461	Malicious code in @diotoborg/nesciunt-veniam (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8451	Malicious code in @diotoborg/necessitatibus-provident-adipisci (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8445	Malicious code in @diotoborg/natus-delectus (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8444	Malicious code in @diotoborg/nam-voluptates-in (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8439	Malicious code in @diotoborg/mollitia-ratione (npm)	2024-09-02T01:42:13Z	2024-09-02T01:42:13Z
mal-2024-8421	Malicious code in @diotoborg/minus-alias-quisquam (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8415	Malicious code in @diotoborg/maiores-quae-quia (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8371	Malicious code in @diotoborg/ipsa-deleniti-ab (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8362	Malicious code in @diotoborg/incidunt-animi (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8359	Malicious code in @diotoborg/illum-consequuntur (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8333	Malicious code in @diotoborg/facere-cupiditate (npm)	2024-09-02T01:42:07Z	2024-09-02T01:42:13Z
mal-2024-8259	Malicious code in @diotoborg/dolorum-autem (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8255	Malicious code in @diotoborg/doloribus-minima-velit (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8233	Malicious code in @diotoborg/distinctio-vel (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8218	Malicious code in @diotoborg/deleniti-culpa (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8216	Malicious code in @diotoborg/delectus-voluptatibus (npm)	2024-09-02T01:42:13Z	2024-09-02T01:42:13Z
mal-2024-8209	Malicious code in @diotoborg/cumque-sequi (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8208	Malicious code in @diotoborg/cumque-repellat (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z
mal-2024-8163	Malicious code in @diotoborg/autem-dolor (npm)	2024-09-02T01:42:11Z	2024-09-02T01:42:13Z
mal-2024-8145	Malicious code in @diotoborg/aspernatur-id (npm)	2024-09-02T01:42:12Z	2024-09-02T01:42:13Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
wid-sec-w-2023-1872	libvirt: Schwachstelle ermöglicht Denial of Service	2023-07-24T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1731	QEMU: Schwachstelle ermöglicht Denial of Service	2023-07-12T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1709	QEMU: Schwachstelle ermöglicht Denial of Service	2023-07-11T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1692	Intel Prozessoren: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen	2019-05-14T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1662	QEMU: Schwachstelle ermöglicht Denial of Service	2023-07-04T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1621	QEMU: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2023-07-02T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1590	Ruby: Schwachstelle ermöglicht Denial of Service	2023-06-28T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-1209	libvirt: Schwachstelle ermöglicht Denial of Service oder Offenlegung von Informationen	2023-05-14T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-0818	QEMU: Schwachstelle ermöglicht Privilegieneskalation	2023-03-30T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-0814	Ruby: Mehrere Schwachstellen ermöglichen Denial of Service	2023-03-30T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-0679	QEMU: Mehrere Schwachstellen ermöglichen Denial of Service	2020-06-01T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-0649	QEMU: Schwachstelle ermöglicht nicht spezifizierten Angriff	2023-03-14T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2023-0173	QEMU: Schwachstelle ermöglicht Codeausführung	2022-03-28T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-2257	QEMU: Schwachstelle ermöglicht Denial of Service	2022-03-03T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-2185	QEMU: Schwachstelle ermöglicht Denial of Service	2022-11-28T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-2179	QEMU: Schwachstelle ermöglicht Denial of Service	2022-11-27T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-2173	Ruby: Schwachstelle ermöglicht Manipulation von Dateien	2022-11-24T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1728	Red Enterprise Linux Advanced Virtualization: Mehrere Schwachstellen	2021-09-30T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1724	libvirt: Schwachstelle ermöglicht Denial of Service	2020-10-01T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1722	QEMU und libvirt: Mehrere Schwachstellen	2020-08-31T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1613	git: Mehrere Schwachstellen	2019-12-10T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1535	QEMU: Schwachstelle ermöglicht Denial of Service	2022-09-25T22:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1279	QEMU: Schwachstelle ermöglicht Privilegieneskalation	2021-02-10T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1278	QEMU: Schwachstelle ermöglicht Denial of Service	2021-02-04T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1277	QEMU: Schwachstelle ermöglicht nicht spezifizierten Angriff	2021-02-02T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1276	QEMU: Schwachstelle ermöglicht Denial of Service	2021-01-27T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1275	QEMU: Schwachstelle ermöglicht Denial of Service	2021-01-18T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1274	QEMU: Schwachstelle ermöglicht Denial of Service	2020-12-10T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1273	QEMU: Schwachstelle ermöglicht Denial of Service	2020-12-01T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00
wid-sec-w-2022-1272	QEMU: Schwachstelle ermöglicht Denial of Service	2020-11-30T23:00:00.000+00:00	2024-09-02T22:00:00.000+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
rhsa-2023_5442	Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.2 security and bug fix updates	2023-10-04T13:06:41+00:00	2025-03-24T12:03:06+00:00
rhsa-2023_5421	Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.2 security updates and bug fixes	2023-10-03T18:49:51+00:00	2025-03-24T12:02:57+00:00
rhsa-2023_5533	Red Hat Security Advisory: nodejs security, bug fix, and enhancement update	2023-10-09T10:29:45+00:00	2025-03-24T12:02:55+00:00
rhsa-2023_4983	Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update	2023-09-05T18:37:03+00:00	2025-03-24T12:02:54+00:00
rhsa-2023_3374	Red Hat Security Advisory: Migration Toolkit for Runtimes security update	2023-05-31T10:51:35+00:00	2025-03-24T12:02:49+00:00
rhsa-2023_5379	Red Hat Security Advisory: Network Observability 1.4.0 for OpenShift	2023-09-28T02:59:49+00:00	2025-03-24T12:02:48+00:00
rhsa-2023_2097	Red Hat Security Advisory: Satellite 6.13 Release	2023-05-03T15:54:07+00:00	2025-03-24T12:02:48+00:00
rhsa-2023_5485	Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8	2023-10-06T07:21:50+00:00	2025-03-24T12:02:46+00:00
rhsa-2023_4971	Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update	2023-09-05T11:53:51+00:00	2025-03-24T12:02:45+00:00
rhsa-2023_5376	Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update	2023-09-27T14:22:37+00:00	2025-03-24T12:02:40+00:00
rhsa-2023_3265	Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.3 Security and Bug fix update	2023-05-23T09:17:22+00:00	2025-03-24T12:02:39+00:00
rhsa-2023_2098	Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes	2023-05-03T15:32:39+00:00	2025-03-24T12:02:38+00:00
rhsa-2023_5486	Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9	2023-10-06T03:41:07+00:00	2025-03-24T12:02:36+00:00
rhsa-2023_4693	Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update	2023-08-21T21:53:41+00:00	2025-03-24T12:02:36+00:00
rhsa-2023_5360	Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update	2023-09-26T14:59:37+00:00	2025-03-24T12:02:31+00:00
rhsa-2023_1582	Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update	2023-04-04T09:57:16+00:00	2025-03-24T12:02:31+00:00
rhsa-2023_2654	Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update	2023-05-09T11:51:08+00:00	2025-03-24T12:02:28+00:00
rhsa-2023_2083	Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes	2023-05-02T16:19:24+00:00	2025-03-24T12:02:28+00:00
rhsa-2023_0932	Red Hat Security Advisory: Logging Subsystem 5.6.3 - Red Hat OpenShift	2023-03-08T14:06:03+00:00	2025-03-24T12:02:28+00:00
rhsa-2023_5488	Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update	2023-10-05T20:18:28+00:00	2025-03-24T12:02:27+00:00
rhsa-2023_4692	Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update	2023-08-21T17:07:30+00:00	2025-03-24T12:02:22+00:00
rhsa-2023_5361	Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update	2023-09-26T14:56:14+00:00	2025-03-24T12:02:21+00:00
rhsa-2023_1533	Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update	2023-03-30T13:06:07+00:00	2025-03-24T12:02:21+00:00
rhsa-2023_2655	Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update	2023-05-09T11:51:16+00:00	2025-03-24T12:02:19+00:00
rhsa-2023_2061	Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes	2023-05-01T18:24:57+00:00	2025-03-24T12:02:19+00:00
rhsa-2023_0930	Red Hat Security Advisory: Logging Subsystem 5.5.8 - Red Hat OpenShift	2023-03-08T15:35:11+00:00	2025-03-24T12:02:18+00:00
rhsa-2023_5362	Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update	2023-09-26T15:05:53+00:00	2025-03-24T12:02:12+00:00
rhsa-2023_4341	Red Hat Security Advisory: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update	2023-08-02T13:49:36+00:00	2025-03-24T12:02:12+00:00
rhsa-2023_1486	Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update	2023-03-28T00:18:32+00:00	2025-03-24T12:02:11+00:00
rhsa-2023_2104	Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.8 security updates and bug fixes	2023-05-03T20:14:23+00:00	2025-03-24T12:02:09+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
cisco-sa-tetr-cmd-injc-skrwgo	Cisco Tetration Command Injection Vulnerability	2022-01-12T16:00:00+00:00	2022-01-31T17:21:31+00:00
cisco-sa-webex-xss-fmbpu2pe	Cisco Webex Meetings Cross-Site Scripting Vulnerability	2022-01-19T16:00:00+00:00	2022-01-19T16:00:00+00:00
cisco-sa-rcm-vuls-7cs3nuq	Cisco Redundancy Configuration Manager for Cisco StarOS Software Multiple Vulnerabilities	2022-01-19T16:00:00+00:00	2022-01-19T16:00:00+00:00
cisco-sa-confdcli-cmdinj-wybqdssh	ConfD CLI Command Injection Vulnerability	2022-01-19T16:00:00+00:00	2022-01-19T16:00:00+00:00
cisco-sa-cli-cmdinj-4mttwzpb	Multiple Cisco Products CLI Command Injection Vulnerability	2022-01-19T16:00:00+00:00	2022-01-19T16:00:00+00:00
cisco-sa-sb220-lldp-multivuls-mvrutq8t	Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities	2021-10-06T16:00:00+00:00	2022-01-13T21:37:56+00:00
cisco-sa-sna-xss-nxoxdhrq	Cisco Secure Network Analytics Cross-Site Scripting Vulnerability	2022-01-12T16:00:00+00:00	2022-01-12T16:00:00+00:00
cisco-sa-prime-reg-xss-zloz8pfb	Cisco Prime Access Registrar Appliance Cross-Site Scripting Vulnerability	2022-01-12T16:00:00+00:00	2022-01-12T16:00:00+00:00
cisco-sa-pi-epnm-path-trav-zws324yn	Cisco Prime Infrastructure and Evolved Programmable Network Manager Vulnerabilities	2022-01-12T16:00:00+00:00	2022-01-12T16:00:00+00:00
cisco-sa-ip-phone-info-disc-frdjfoxa	Cisco IP Phones Information Disclosure Vulnerability	2022-01-12T16:00:00+00:00	2022-01-12T16:00:00+00:00
cisco-sa-ece-multivulns-kbk2yvhr	Cisco Enterprise Chat and Email Vulnerabilities	2022-01-12T16:00:00+00:00	2022-01-12T16:00:00+00:00
cisco-sa-csm-mult-xss-7hmokqtt	Cisco Security Manager Cross-Site Scripting Vulnerabilities	2022-01-12T16:00:00+00:00	2022-01-12T16:00:00+00:00
cisco-sa-ccmp-priv-esc-jzhtflm4	Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability	2022-01-12T16:00:00+00:00	2022-01-12T16:00:00+00:00
cisco-sa-cspc-info-disc-km3bgvl	Cisco Common Services Platform Collector Information Disclosure Vulnerability	2021-11-03T16:00:00+00:00	2022-01-06T17:54:37+00:00
cisco-sa-pi-sql-inj-kgllsfw8	Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager SQL Injection Vulnerability	2020-06-03T16:00:00+00:00	2022-01-06T17:41:46+00:00
cisco-sa-cms-lahe8z5v	Cisco Meeting Server Call Bridge Denial of Service Vulnerability	2021-10-20T16:00:00+00:00	2021-12-22T17:29:02+00:00
cisco-sa-wifi-faf-22epcewu	Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021	2021-05-11T18:00:00+00:00	2021-12-15T15:47:26+00:00
cisco-sa-cspc-ilr-8qmw8y8x	Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability	2021-11-17T16:00:00+00:00	2021-11-18T22:48:15+00:00
cisco-sa-cspc-xss-kjrnbm3p	Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability	2021-11-17T16:00:00+00:00	2021-11-18T22:48:14+00:00
cisco-sa-cspc-sqli-unvptn5	Cisco Common Services Platform Collector SQL Injection Vulnerability	2021-11-17T16:00:00+00:00	2021-11-18T22:48:13+00:00
cisco-sa-ise-xss1-rgxyry2v	Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities	2021-10-20T16:00:00+00:00	2021-11-12T18:15:57+00:00
cisco-sa-cps-static-key-jms92hnv	Cisco Policy Suite Static SSH Keys Vulnerability	2021-11-03T16:00:00+00:00	2021-11-04T17:32:39+00:00
cisco-sa-webex-activation-3sdnfxcy	Cisco Webex Meetings Email Content Injection Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00
cisco-sa-vmesh-openred-agnrmf5	Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00
cisco-sa-videomesh-xss-qjm2bdqf	Cisco Webex Video Mesh Cross-Site Scripting Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00
cisco-sa-umbrella-user-enum-s7xfjwde	Cisco Umbrella Email Enumeration Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00
cisco-sa-ucm-csrf-xrtkdu3h	Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00
cisco-sa-smb-switches-web-dos-xmyffkt8	Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00
cisco-sa-smb-switches-tokens-uzwpr4e5	Cisco Small Business Series Switches Session Credentials Replay Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00
cisco-sa-sbrv-cmdinjection-z5cwfdk	Cisco Small Business RV Series Routers Command Injection Vulnerability	2021-11-03T16:00:00+00:00	2021-11-03T16:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
var-201912-0605	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of RenderMultiColumnFlow objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Safari prior to 12.1.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902). MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. Installation note: Apple TV will periodically check for software updates. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003 ------------------------------------------------------------------------ Date reported : May 20, 2019 Advisory ID : WSA-2019-0003 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0003.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0003.html CVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623. CVE-2019-6237 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team. CVE-2019-8571 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to 01 working with Trend Micro's Zero Day Initiative. CVE-2019-8583 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech. CVE-2019-8584 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative. CVE-2019-8586 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to an anonymous researcher. CVE-2019-8587 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8594 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab. CVE-2019-8595 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative. CVE-2019-8596 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech. CVE-2019-8597 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to 01 working with Trend Micro Zero Day Initiative. CVE-2019-8601 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative. CVE-2019-8607 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Junho Jang and Hanul Choi of LINE Security Team. CVE-2019-8608 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8609 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Wen Xu of SSLab, Georgia Tech. CVE-2019-8610 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Anonymous working with Trend Micro Zero Day Initiative. CVE-2019-8615 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative. CVE-2019-8611 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8619 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab. CVE-2019-8622 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8623 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, May 20, 2019 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and addresses the following: Accessibility Framework Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8603: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro's Zero Day Initiative AMD Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8635: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Application Firewall Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved restrictions. CVE-2019-8590: The UK's National Cyber Security Centre (NCSC) CoreAudio Available for: macOS Sierra 10.12.6 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved error handling. CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative CoreAudio Available for: macOS Mojave 10.14.4 Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative DesktopServices Available for: macOS Mojave 10.14.4 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2019-8589: Andreas Clementi, Stefan Haselwanter, and Peter Stelzhammer of AV-Comparatives Disk Images Available for: macOS Sierra 10.12.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Disk Images Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University EFI Available for: macOS Mojave 10.14.4 Impact: A user may be unexpectedly logged in to another user's account Description: An authentication issue was addressed with improved state management. CVE-2019-8634: Jenny Sprenger and Maik Hoepfel Intel Graphics Driver Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8616: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Intel Graphics Driver Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2018-4456: Tyler Bohan of Cisco Talos IOKit Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A local user may be able to load unsigned kernel extensions Description: A validation issue existed in the handling of symlinks. CVE-2019-8606: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro's Zero Day Initiative Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: macOS Mojave 10.14.4 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Security Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8604: Fluoroacetate working with Trend Micro's Zero Day Initiative SQLite Available for: macOS Mojave 10.14.4 Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: macOS Mojave 10.14.4 Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research StreamingZip Available for: macOS Mojave 10.14.4 Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-6237: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: macOS Mojave 10.14.4 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. PackageKit We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Safari We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance. Installation note: macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZsi4pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GJyhAA ipwQq4CCFG5VTwffHlYFo1WoFhj3LPVex/1v/atmSZvo1GA1C7OMRtjjY4W/66Dn scduO8amThzjp/oSbHaUMSgskpXNqBRLjKZQ02ErfWNhw3laVgPkd0dRqUGNTsa1 WLb6w0cHIozbEl17azkJs5SUojNjRm0+M/GgRMgFbZxbPJMTFpZRH0iKuUCT8cYg 3awkFYqSTWR0UYSIE+gb4VWVjvX5xUrpD6RdEX19cZr6FYT6cv63pGQtBdLTkp/L w5g3X1q4lv5aVqRetUzaOba16M319KAT9MRHBgM7XkFK+5Vdhtj70LUoutxTlPfK c1We70jxAd1BR+WzlxzvxzrWLjxHczSyBVqOOJpS0C99synNCAaTUVoiyQDh3M0k Qlpb4N3rtrVQAFF8rTkeI93wS3qdYPfCWt/Co20EQ5FaWG/+CZTmjbGq61TB1gJq KUymGfplPG1YJbu9UnjLyPF/ICMj8MkMGkSSMIwkG51rhlvJF7pa+fFNGuKt2jnh FTD/fHwWeTcqBq1/9NVPsvdbWk5o2e2xEDYG4EfcWDfSsbsW1g7WsO2LMaDB8EHg Hcy7GCbFYbsDTqVXERUXi6GDusM2UWLyXFqi5Cael1gCCXcPfM9/tn/vfJWxuId4 QvYyi/HZU0Ra1zsp6/2wNvPA+Uw+vGlLhSWgjCxvfLk= =934G -----END PGP SIGNATURE-----
var-201912-0123	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * User impersonation * * Arbitrary code execution * * UI Spoofing * * Insufficient access restrictions * * Service operation interruption (DoS) * * Privilege escalation * * Memory corruption * * Authentication bypass. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple Safari prior to 13.0.3; iOS prior to 13.2; iPadOS prior to 13.2; tvOS prior to 13.2; Windows-based iCloud prior to 11.0; Windows-based iTunes prior to 12.10.2; Windows-based versions of iCloud prior to 7.15. Solution: Download the release images via: quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3 4. Bugs fixed (https://bugzilla.redhat.com/): 1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display 5. JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2020:5634 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64 The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Security Fix(es): * crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846) * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774) * kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563) * containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749) * heketi: gluster-block volume password details available in logs (CVE-2020-10763) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - `--to` option does not work with `--credentials-requests` flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted` 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - `oc api-resources` does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in `oc explain` 1880787 - No description for Provisioning CRD for `oc explain` 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 \|\| totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - `oc explain localvolumediscovery` returns empty description 1887751 - `oc explain localvolumediscoveryresult` returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service` 1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]: `make check` broken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove ' from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 - `oc adm release mirror` panic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translate `this` without context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 - `Active alerts` section throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describing `ignore-volume-az` is incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Show `kubectl diff ` command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in the `oc rollback -h` help page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port in `from dockerfile` flow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026` 1918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information for `oc new-project --skip-config-write` is wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode` 1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources shows `undefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found 5. References: https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This advisory provides the following updates among others: Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Installation note: Safari 13.0.3 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 15, 2020 Bugs: #699156, #706374, #709612 ID: 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact ====== A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4" References ========== [ 1 ] CVE-2019-8625 https://nvd.nist.gov/vuln/detail/CVE-2019-8625 [ 2 ] CVE-2019-8674 https://nvd.nist.gov/vuln/detail/CVE-2019-8674 [ 3 ] CVE-2019-8707 https://nvd.nist.gov/vuln/detail/CVE-2019-8707 [ 4 ] CVE-2019-8710 https://nvd.nist.gov/vuln/detail/CVE-2019-8710 [ 5 ] CVE-2019-8719 https://nvd.nist.gov/vuln/detail/CVE-2019-8719 [ 6 ] CVE-2019-8720 https://nvd.nist.gov/vuln/detail/CVE-2019-8720 [ 7 ] CVE-2019-8726 https://nvd.nist.gov/vuln/detail/CVE-2019-8726 [ 8 ] CVE-2019-8733 https://nvd.nist.gov/vuln/detail/CVE-2019-8733 [ 9 ] CVE-2019-8735 https://nvd.nist.gov/vuln/detail/CVE-2019-8735 [ 10 ] CVE-2019-8743 https://nvd.nist.gov/vuln/detail/CVE-2019-8743 [ 11 ] CVE-2019-8763 https://nvd.nist.gov/vuln/detail/CVE-2019-8763 [ 12 ] CVE-2019-8764 https://nvd.nist.gov/vuln/detail/CVE-2019-8764 [ 13 ] CVE-2019-8765 https://nvd.nist.gov/vuln/detail/CVE-2019-8765 [ 14 ] CVE-2019-8766 https://nvd.nist.gov/vuln/detail/CVE-2019-8766 [ 15 ] CVE-2019-8768 https://nvd.nist.gov/vuln/detail/CVE-2019-8768 [ 16 ] CVE-2019-8769 https://nvd.nist.gov/vuln/detail/CVE-2019-8769 [ 17 ] CVE-2019-8771 https://nvd.nist.gov/vuln/detail/CVE-2019-8771 [ 18 ] CVE-2019-8782 https://nvd.nist.gov/vuln/detail/CVE-2019-8782 [ 19 ] CVE-2019-8783 https://nvd.nist.gov/vuln/detail/CVE-2019-8783 [ 20 ] CVE-2019-8808 https://nvd.nist.gov/vuln/detail/CVE-2019-8808 [ 21 ] CVE-2019-8811 https://nvd.nist.gov/vuln/detail/CVE-2019-8811 [ 22 ] CVE-2019-8812 https://nvd.nist.gov/vuln/detail/CVE-2019-8812 [ 23 ] CVE-2019-8813 https://nvd.nist.gov/vuln/detail/CVE-2019-8813 [ 24 ] CVE-2019-8814 https://nvd.nist.gov/vuln/detail/CVE-2019-8814 [ 25 ] CVE-2019-8815 https://nvd.nist.gov/vuln/detail/CVE-2019-8815 [ 26 ] CVE-2019-8816 https://nvd.nist.gov/vuln/detail/CVE-2019-8816 [ 27 ] CVE-2019-8819 https://nvd.nist.gov/vuln/detail/CVE-2019-8819 [ 28 ] CVE-2019-8820 https://nvd.nist.gov/vuln/detail/CVE-2019-8820 [ 29 ] CVE-2019-8821 https://nvd.nist.gov/vuln/detail/CVE-2019-8821 [ 30 ] CVE-2019-8822 https://nvd.nist.gov/vuln/detail/CVE-2019-8822 [ 31 ] CVE-2019-8823 https://nvd.nist.gov/vuln/detail/CVE-2019-8823 [ 32 ] CVE-2019-8835 https://nvd.nist.gov/vuln/detail/CVE-2019-8835 [ 33 ] CVE-2019-8844 https://nvd.nist.gov/vuln/detail/CVE-2019-8844 [ 34 ] CVE-2019-8846 https://nvd.nist.gov/vuln/detail/CVE-2019-8846 [ 35 ] CVE-2020-3862 https://nvd.nist.gov/vuln/detail/CVE-2020-3862 [ 36 ] CVE-2020-3864 https://nvd.nist.gov/vuln/detail/CVE-2020-3864 [ 37 ] CVE-2020-3865 https://nvd.nist.gov/vuln/detail/CVE-2020-3865 [ 38 ] CVE-2020-3867 https://nvd.nist.gov/vuln/detail/CVE-2020-3867 [ 39 ] CVE-2020-3868 https://nvd.nist.gov/vuln/detail/CVE-2020-3868 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2 iOS 13.2 and iPadOS 13.2 are now available and address the following: Accounts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt App Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu) Associated Domains Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Improper URL processing may lead to data exfiltration Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli Rikama of Zero Keyboard Ltd Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure AVEVideoEncoder Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8795: 08Tc3wBB working with SSD Secure Disclosure Books Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven Contacts Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com) File System Events Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative Graphics Driver Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8786: an anonymous researcher Screen Time Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to record the screen without a visible screen recording indicator Description: A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. CVE-2019-8793: Ryan Jenkins of Lake Forrest Prep School Setup Assistant Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An inconsistency in Wi-Fi network configuration settings was addressed. CVE-2019-8804: Christy Philip Mathew of Zimperium, Inc WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8813: an anonymous researcher WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8782: Cheolung Lee of LINE+ Security Team CVE-2019-8783: Cheolung Lee of LINE+ Graylab Security Team CVE-2019-8808: found by OSS-Fuzz CVE-2019-8811: Soyeon Park of SSLab at Georgia Tech CVE-2019-8812: an anonymous researcher CVE-2019-8814: Cheolung Lee of LINE+ Security Team CVE-2019-8816: Soyeon Park of SSLab at Georgia Tech CVE-2019-8819: Cheolung Lee of LINE+ Security Team CVE-2019-8820: Samuel Groß of Google Project Zero CVE-2019-8821: Sergei Glazunov of Google Project Zero CVE-2019-8822: Sergei Glazunov of Google Project Zero CVE-2019-8823: Sergei Glazunov of Google Project Zero WebKit Process Model Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8815: Apple Additional recognition CFNetwork We would like to acknowledge Lily Chen of Google for their assistance. Kernel We would like to acknowledge Jann Horn of Google Project Zero for their assistance. WebKit We would like to acknowledge Dlive of Tencent's Xuanwu Lab and Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.2 and iPadOS 13.2". Description: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5
var-201904-0981	SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. SQLite Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SQLite is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. SQLite versions prior to 3.25.3 are vulnerable. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. ========================================================================= Ubuntu Security Notice USN-4019-1 June 19, 2019 sqlite3 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in SQLite. Software Description: - sqlite3: C library that implements an SQL database engine Details: It was discovered that SQLite incorrectly handled certain SQL files. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2518, CVE-2017-2520) It was discovered that SQLite incorrectly handled certain queries. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20505) It was discovered that SQLite incorrectly handled certain queries. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936) It was discovered that SQLite incorrectly handled certain inputs. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153) It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-10989) It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685) It was discovered that SQLite incorrectly handled certain queries. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2519) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: libsqlite3-0 3.27.2-2ubuntu0.1 sqlite3 3.27.2-2ubuntu0.1 Ubuntu 18.10: libsqlite3-0 3.24.0-1ubuntu0.1 sqlite3 3.24.0-1ubuntu0.1 Ubuntu 18.04 LTS: libsqlite3-0 3.22.0-1ubuntu0.1 sqlite3 3.22.0-1ubuntu0.1 Ubuntu 16.04 LTS: libsqlite3-0 3.11.0-1ubuntu1.2 sqlite3 3.11.0-1ubuntu1.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4019-1 CVE-2016-6153, CVE-2017-10989, CVE-2017-13685, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-9936, CVE-2019-9937 Package Information: https://launchpad.net/ubuntu/+source/sqlite3/3.27.2-2ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.24.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.22.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/sqlite3/3.11.0-1ubuntu1.2 . CVE-2018-4467: Martim Carbone, David Vernet, Sam Scalise, and Fred Jacobs of the Virtual Machine Monitor Group of VMware, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-1-22-1 iOS 12.1.3 iOS 12.1.3 is now available and addresses the following: AppleKeyStore Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-6235: Brandon Azad Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-6200: an anonymous researcher Core Media Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6202: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6221: Fluoroacetate working with Trend Micro's Zero Day Initiative CoreAnimation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team CoreAnimation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-6224: Natalie Silvanovich of Google Project Zero IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A type confusion issue was addressed with improved memory handling. CVE-2019-6214: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved validation. CVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6210: Ned Williamson of Google Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory corruption issue was addressed with improved lock state checking. CVE-2019-6205: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-6213: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6209: Brandon Azad of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6208: Jann Horn of Google Project Zero Keyboard Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Password autofill may fill in passwords after they were manually cleared Description: An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. CVE-2019-6206: Sergey Pershenkov libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6218: Ian Beer of Google Project Zero Natural Language Processing Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2019-6219: Authier Thomas Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2019-6228: Ryan Pickren (ryanpickren.com) SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-20346: Tencent Blade Team CVE-2018-20505: Tencent Blade Team CVE-2018-20506: Tencent Blade Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6229: Ryan Pickren (ryanpickren.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-6215: Lokihardt of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia Tech CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team CVE-2019-6226: Apple WebRTC Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-6211: Georgi Geshev (@munmap), Fabi Beterke (@pwnfl4k3s), and Rob Miller (@trotmaster99) of MWR Labs (@mwrlabs) working with Trend Micro's Zero Day Initiative Additional recognition mDNSResponder We would like to acknowledge Fatemah Alharbi of University of California, Riverside (UCR) and Taibah University (TU), Feng Qian of University of Minnesota - Twin City, Jie Chang of LinkSure Network, Nael Abu-Ghazaleh of University of California, Riverside (UCR), Yuchen Zhou of Northeastern University, and Zhiyun Qian of University of California, Riverside (UCR) for their assistance. Safari Reader We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance. WebKit We would like to acknowledge James Lee (@Windowsrcer) of Kryptos Logic for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSwpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GA0RAA l3Yft6CRTyGtLyqIanBFP4sMtaxlIP44Y0+gPIf59DhZ7bzuy3s+cjnUJAxrqBC+ NAqrNur5x8OVBIS7T65njvccD7e7uGWBZfeEbMdplT5aK3AvRuW7MyXEo3nZu3dx gMRsubjQmwOnMB3Taxj0a6y2jvLU9DA7IfVyKb7ReCz3wv5KPb4BxLvbHwaMrbsJ SBETrGYMn4awTSmUs/IQTDECOzRLyicQnY44afDL/K9n/oB59VQm5ZUPDj9ofeQN UQsD7XVH19eI99N+uNQ+07GCqQ6++qe+kGVi2RR7HERt3wd4mnV895f6UvhlUjlU K1tY68ZuDNPZ54GJfniFI0OCYfcd5rYsPTnOt11heFnWfG+nnm2r+3BEh60RW5lW ONeyQ3ScubgMV2Teo3G0tWf9BGvKAI+qXbFuzkAMAucB+f7Oj06WDGhYPEAQZ8KR xLSb6nyfihQA6Bz4KbfppKC7I2GuyF6rl5iz+VBPHId7yaF0jxjEiJEF7RbLhbeg k7x8vJrKLR7hAs4AWCq69ZQ6VvmKLdgSNNCcbJIQNPCYtGabOP7xl4piDw4b46wq /LR6UNrYdf/U3hljPfKIBn+0e1EITcKHfUu85MyHftanF1JFYNp03eFJT5ouyMRt LD5C8YOX6VcEwCQqUpKmJD9wWwUehRhEiEffGkR+xSY=Jb8S -----END PGP SIGNATURE-----
var-201302-0147	Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Adobe Flash Player Contains a buffer overflow vulnerability. This vulnerability CVE-2013-0645 , CVE-2013-1365 , CVE-2013-1366 , CVE-2013-1367 , CVE-2013-1368 , CVE-2013-1369 , CVE-2013-1370 , CVE-2013-1372 ,and CVE-2013-1373 Is a different vulnerability.An attacker could execute arbitrary code. Note: This issue was previously covered in BID 57907 (Adobe Flash Player and AIR APSB13-05 Multiple Security Vulnerabilities), but has been given its own record to better document it. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:0254-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0254.html Issue date: 2013-02-13 CVE Names: CVE-2013-0637 CVE-2013-0638 CVE-2013-0639 CVE-2013-0642 CVE-2013-0644 CVE-2013-0645 CVE-2013-0647 CVE-2013-0649 CVE-2013-1365 CVE-2013-1366 CVE-2013-1367 CVE-2013-1368 CVE-2013-1369 CVE-2013-1370 CVE-2013-1372 CVE-2013-1373 CVE-2013-1374 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 910570 - flash-plugin: multiple code execution flaws (APSB13-05) 910571 - CVE-2013-0637 flash-plugin: information disclosure flaw (APSB13-05) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.270-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.270-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.270-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.270-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0637.html https://www.redhat.com/security/data/cve/CVE-2013-0638.html https://www.redhat.com/security/data/cve/CVE-2013-0639.html https://www.redhat.com/security/data/cve/CVE-2013-0642.html https://www.redhat.com/security/data/cve/CVE-2013-0644.html https://www.redhat.com/security/data/cve/CVE-2013-0645.html https://www.redhat.com/security/data/cve/CVE-2013-0647.html https://www.redhat.com/security/data/cve/CVE-2013-0649.html https://www.redhat.com/security/data/cve/CVE-2013-1365.html https://www.redhat.com/security/data/cve/CVE-2013-1366.html https://www.redhat.com/security/data/cve/CVE-2013-1367.html https://www.redhat.com/security/data/cve/CVE-2013-1368.html https://www.redhat.com/security/data/cve/CVE-2013-1369.html https://www.redhat.com/security/data/cve/CVE-2013-1370.html https://www.redhat.com/security/data/cve/CVE-2013-1372.html https://www.redhat.com/security/data/cve/CVE-2013-1373.html https://www.redhat.com/security/data/cve/CVE-2013-1374.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-05.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRG2NzXlSAg2UNWIIRAjGKAJ4lnleOpb7dBn8s/DCk7wAK9qbQJACgm3Vs pnyD10c/hdKGIm0b1Kjv3eY= =+cgh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . SOLUTION: Update to version 24.0.1312.70. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Please send email to <cert@cert.org> with "TA13-043A Feedback VU#689711" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player / AIR Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52166 RELEASE DATE: 2013-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/52166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to cause buffer overflows. 2) Some use-after-free errors can be exploited to dereference already freed memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to disclose certain sensitive information. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2, 5) The vendor credits Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna, Google 3) The vendor credits Natalie Silvanovich, BlackBerry Security, Research in Motion 4) The vendor credits Damian Put via iDefense 6) Reported by the vendor. ORIGINAL ADVISORY: Adobe (APSB13-05): http://www.adobe.com/support/security/bulletins/apsb13-05.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
var-201905-0080	A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. wildfly Contains a race condition vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. A race condition issue vulnerability exists in RedHatWildfly16.0.0.Final and prior versions. The vulnerability stems from the improper handling of concurrent access when the network system or product is running and concurrent code needs to access shared resources mutually exclusive. Redhat Wildfly is prone to a local denial of service vulnerability. An attacker can leverage this issue to cause a denial of service condition. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/ 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. Summary: This is a security update for JBoss EAP Continuous Delivery 18.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Security Fix(es): * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) * xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173) * infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) * undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 7.3.3 server patch from the customer portal. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions. 4. Restart Data Grid to ensure the changes take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 5. References: https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update)
var-201009-0229	Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. Quagga's bgpd daemon has a stack overflow vulnerability when parsing Route-Refresh messages. Quagga is prone to a stack-based buffer-overflow vulnerability. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Quagga 0.99.17 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Quagga: Multiple vulnerabilities Date: February 21, 2012 Bugs: #334303, #359903, #384651 ID: 201202-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Background ========== Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/quagga < 0.99.20 >= 0.99.20 Description =========== Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 " References ========== [ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2104-1 security@debian.org http://www.debian.org/security/ Florian Weimer September 06, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : quagga Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-2948 CVE-2010-2949 Debian Bug : 594262 Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2948 When processing a crafted Route Refresh message received from a configured, authenticated BGP neighbor, Quagga may crash, leading to a denial of service. CVE-2010-2949 When processing certain crafted AS paths, Quagga would crash with a NULL pointer dereference, leading to a denial of service. In some configurations, such crafted AS paths could be relayed by intermediate BGP routers. In addition, this update contains a reliability fix: Quagga will no longer advertise confederation-related AS paths to non-confederation peers, and reject unexpected confederation-related AS paths by resetting the session with the BGP peer which is advertising them. (Previously, such AS paths would trigger resets of unrelated BGP sessions.) For the stable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny3. For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 0.99.17-1. We recommend that you upgrade your quagga package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz Size/MD5 checksum: 42826 100dbb936b3b0f0d4fb4947bf384d369 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc Size/MD5 checksum: 1651 f5b9c26538e9d32008ad0256fe4ad0ed Architecture independent packages: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb Size/MD5 checksum: 661354 f843c6f765a48f7e071a52d3c7834d2f alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb Size/MD5 checksum: 1902990 0f85c30d5f719f9c104f5a8977a5d1a0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb Size/MD5 checksum: 1749952 89a53689c4daf3f0695ea2c21aa93254 arm architecture (ARM) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb Size/MD5 checksum: 1449792 3c53e06e4d27ef8cf391533824668b19 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb Size/MD5 checksum: 1457202 e52ae364e20ff137c5e0e5f75bfc1ec1 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb Size/MD5 checksum: 1683924 c8172ed22b010569949977f407c282b6 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb Size/MD5 checksum: 1608678 e7b5fbd36e4466cdecaca46f1f96642b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb Size/MD5 checksum: 2256144 75ebe4e12a3e22ef79e5e3dab2d457bf mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb Size/MD5 checksum: 1605990 f33ef3d9b31f0da900aba6a20bdd188d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb Size/MD5 checksum: 1601240 68ff751ff9c022cc06db8d0d66895a6e powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb Size/MD5 checksum: 1717802 931505a31bdcc1a7732a9a2e9f295a01 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb Size/MD5 checksum: 1794990 7d52667f3f37553256e87b77450dc309 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb Size/MD5 checksum: 1671232 3706818c39b51bb45c58a0cf8fdba202 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJMhUEPAAoJEL97/wQC1SS+dwMH/2tsjv3eQBHu3jvm+jMB7Dr1 6uRIi/1/DgaaRmVSD41quWSYoww374pkwZ5xjUVZqOQY1N6Y34avnwjN7FsSg8no H0Os4uioep8/IKzhse0EyeDZcmm2j8E41j3UZ+aANqWOssGa0MNddj846K3NDw2j dRuKUUy4JK8iRSwBLUaXqydAPI2ZjdXVH0Yy/3l51f2Aerm7N565f1ifUh38C6Y0 IR5BdiA1C6jzV+826VrZaj10cKAPg/Qm31mrNiZMBcVpi2sBJ+zQ8P/G3j7CpEdr sITi5UiULGAp+3cGvtPzZDtBxfkLLpVIpNgRPiSHhA+PTjG60HHvPK43OZkPdSY= =HP/T -----END PGP SIGNATURE----- . Updated packages are available that bring Quagga to version 0.99.17 which provides numerous bugfixes over the previous 0.99.12 version, and also corrects these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949 _______________________________________________________________________ Updated Packages: Corporate 4.0: 982061c8bac57d5878a2dbd9747234f4 corporate/4.0/i586/libquagga0-0.99.17-0.1.20060mlcs4.i586.rpm 53b1e909e046539dcfd55f9b1f62e7ea corporate/4.0/i586/libquagga0-devel-0.99.17-0.1.20060mlcs4.i586.rpm 796ef3f10f793f6546ce6a0525082fa5 corporate/4.0/i586/quagga-0.99.17-0.1.20060mlcs4.i586.rpm 423c4032225687b252ddb3887db1f226 corporate/4.0/i586/quagga-contrib-0.99.17-0.1.20060mlcs4.i586.rpm 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 9b36814efd0751aa81e38baec0d2bae6 corporate/4.0/x86_64/lib64quagga0-0.99.17-0.1.20060mlcs4.x86_64.rpm 64ab6ba845a97236ffd2898e0aef892d corporate/4.0/x86_64/lib64quagga0-devel-0.99.17-0.1.20060mlcs4.x86_64.rpm 7d259ae75e30e1d172e340cc232d1ff2 corporate/4.0/x86_64/quagga-0.99.17-0.1.20060mlcs4.x86_64.rpm 2f3390db2bae0e0d505ec759e0a15232 corporate/4.0/x86_64/quagga-contrib-0.99.17-0.1.20060mlcs4.x86_64.rpm 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMi592mqjQ0CJFipgRAoHFAJ0XDJVqB+SJmOHZ0hrPlMgjTMYeNgCgwxRw AMo+uyGwHeG+uyLmOzKKMOs= =ahfH -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-1027-1 December 07, 2010 quagga vulnerabilities CVE-2010-2948, CVE-2010-2949 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.7 Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.4 Ubuntu 9.10: quagga 0.99.13-1ubuntu0.1 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. The default compiler options for Ubuntu 8.04 LTS and later should reduce the vulnerability to a denial of service. (CVE-2010-2948) It was discovered that Quagga incorrectly parsed certain AS paths
var-202203-0111	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. For the oldstable distribution (buster), these problems have been fixed in version 2.36.0-3~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 2.36.0-3~deb11u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: security-tracker.debian.org/tracker/webkit2gtk. Description: Logging Subsystem 5.5.5 - Red Hat OpenShift Security Fixe(s): * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * loader-utils: Regular expression denial of service (CVE-2022-37603) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html For Red Hat OpenShift Logging 5.5, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config 6. Description: Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkit2gtk3 security and bug fix update Advisory ID: RHSA-2022:8054-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8054 Issue date: 2022-11-15 CVE Names: CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 ==================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: webkit2gtk3-2.36.7-1.el9.src.rpm aarch64: webkit2gtk3-2.36.7-1.el9.aarch64.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-debugsource-2.36.7-1.el9.aarch64.rpm webkit2gtk3-devel-2.36.7-1.el9.aarch64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.aarch64.rpm ppc64le: webkit2gtk3-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-debugsource-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-devel-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm s390x: webkit2gtk3-2.36.7-1.el9.s390x.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-debugsource-2.36.7-1.el9.s390x.rpm webkit2gtk3-devel-2.36.7-1.el9.s390x.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.s390x.rpm x86_64: webkit2gtk3-2.36.7-1.el9.i686.rpm webkit2gtk3-2.36.7-1.el9.x86_64.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-debugsource-2.36.7-1.el9.i686.rpm webkit2gtk3-debugsource-2.36.7-1.el9.x86_64.rpm webkit2gtk3-devel-2.36.7-1.el9.i686.rpm webkit2gtk3-devel-2.36.7-1.el9.x86_64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3PhNNzjgjWX9erEAQjsxA//e3e3o5MsuGWIcDr3QU3zPT+1zQymzdZX X0oSq7JCHRFVefNXaiVxl0WEaxVTQcenhr/A7SaX4Ma6Hy/B64yzRShe60OO3IFm xsuLDaist0ol9Tyay1lPwhI6HqwCvZd7u+7P8iMKZyGynM56hVlOKW9YDal+a4u8 Nsxp2svs6Yq3rif40CSuuYdpAQ54Tiduz4mjGaD8eGStOUKeQ2SldrbwUFZJn5wR zI6f0B3eY6gWb64xkhX5G4OzC7KzI/gnFJls15mece5L8NiNpz6znRKEjo0mlMzN nAkTk4/E2bPUJwrB6FNJvOZhpOnr86fxezIzRIstzXRovkPQbubpC6AVCkrTNXnM cdh0tYzts6TJ4Pdlbti7pq2hoKkTfagdMGfftZwowvlhpl+7xaK+LwnivK885atz jw/2QztgTQfrgw0/B/ZoqzoRhm9ExcViYgPtIYiAWGd4d7HLgBROGtjWS7rMKrSV mCjE/AKfgtJsnMyBRpqCcpz5qWQdGEvpaU+ZieeL9ygOdh1qg66ZRlEO7yuQDCTE mC4Snqzi5mRu6K/b66nlzlA1/jWs+/vOgfiXs+V43S1mN16B+cRbXLJhPCXJAxnY g1QwMmc4xjIKauClchw/kokItJvJLYdqlsae7nI95qTD+WBtEmvh8k19JtUi7jG6 dICPDYbUcGQ=qQaN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Service Binding manages the data plane for applications and backing services. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717 6. Description: Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/ Bugs addressed: * clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679) * RHACM 2.6.3 images (BZ# 2139085) Security fixes: * CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function Security * CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements 3. Bugs fixed (https://bugzilla.redhat.com/): 2129679 - clusters belong to global clusterset is not selected by placement when rescheduling 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 2139085 - RHACM 2.6.3 images 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements 5
var-201903-0388	An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. libssh2 is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the '_libssh2_transport_read()' function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-9-26-7 Xcode 11.0 Xcode 11.0 addresses the following: IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855: Chris Coulson ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling code without proper input validation could lead to arbitrary code execution with user privilege Description: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team otool Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team Installation note: Xcode 11.0 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "11.0". 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: libssh2 security update Advisory ID: RHSA-2019:0679-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0679 Issue date: 2019-03-28 CVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863 ==================================================================== 1. Summary: An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x 3. Description: The libssh2 packages provide a library that implements the SSH2 protocol. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm ppc64: libssh2-1.4.3-12.el7_6.2.ppc.rpm libssh2-1.4.3-12.el7_6.2.ppc64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm aarch64: libssh2-1.4.3-12.el7_6.2.aarch64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm ppc64: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm libssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-3855 https://access.redhat.com/security/cve/CVE-2019-3856 https://access.redhat.com/security/cve/CVE-2019-3857 https://access.redhat.com/security/cve/CVE-2019-3863 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXJznXNzjgjWX9erEAQiaLQ/+NOZQa78T9tZT0qw516dUqmfm8y03YJDd LDgRcAbSQIlYF59kO4SxBZ13APCc8ippJXzSeBS49AeQLdesjaj3bYnWXeAiDwIE wE2zqYhjBH3YUW8vmoP26sC4Ov8rijsevHQcn7PcRiTrR/gSdzU59LkxouyWokAC nFVzke+D7aQMFv6mo9EbEEH1Q85/WIfJKKB4XuCHM13L1ohLuVVQnsjxwZtq8hev FCQp1moLuyyvDGjEa0lhp05gqIoDGPccpAzlcbz/HWgkb/6nGOQeTsGkN4MPCqbA O5YilLdgg3/HASMhtWopCgLQucDI6UEdA4sqAmQFJT5sB19kfJVRDQYSKIim8Tno 7DICVw0x5p4YzexurImz5tORwsAhTsKt52Z32KEgaVfZLqBwdJP+l3mQaS4H9wZ7 z4hSB+EPaK6UbKJVq5D5/vhYJlQsSd8sDkLcz30UqNpY0o3LwqBK/8m8apikjxCu cdM0ykUZJsccAB0zwuteBP9dEvyUHFhSkpQgWDZIqHgOuE2jpCnIRpl3aRDgB+ND XkktDObjALWmIqg1Zs6+vLIDhGKG08ZNSpwaLZQrvFK59aGA/2BTDgupJh607Tv4 D/l/yO/KxEaUQa5zsFpej2gIfIFElzZc82/ZmWaViyALtpjJ/kKdC4Fzb5PlVIuH tLzz6XhldNU=R5e5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access
var-201412-0614	util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Has been identified. http://cwe.mitre.org/data/definitions/338.htmlA brute force attack by a third party (Brute force attack) May break the cryptographic protection mechanism. NTP is prone to a predictable random number generator weakness. An attacker can exploit this issue to guess generated MD5 keys that could then be used to spoof an NTP client or server. Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. II. [CVE-2014-9293] The ntp-keygen(8) utility is also affected by a similar issue. [CVE-2014-9294] When Autokey Authentication is enabled, for example if ntp.conf(5) contains a 'crypto pw' directive, a remote attacker can send a carefully crafted packet that can overflow a stack buffer. [CVE-2014-9296] III. Impact The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect time stamps or masquerade as another time server. [CVE-2014-9295] IV. Workaround No workaround is available, but systems not running ntpd(8) are not affected. Because the issue may lead to remote root compromise, the FreeBSD Security Team recommends system administrators to firewall NTP ports, namely tcp/123 and udp/123 when it is not clear that all systems have been patched or have ntpd(8) stopped. V. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch # fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc # gpg --verify ntp.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the ntpd(8) daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r276073 releng/8.4/ r276154 stable/9/ r276073 releng/9.1/ r276155 releng/9.2/ r276156 releng/9.3/ r276157 stable/10/ r276072 releng/10.0/ r276158 releng/10.1/ r276159 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2014:2024-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2024.html Issue date: 2014-12-20 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 ===================================================================== 1. Summary: Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 1176040 - CVE-2014-9296 ntp: receive() missing return on error 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ntp-4.2.6p5-2.el6_6.src.rpm i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ntp-4.2.6p5-2.el6_6.src.rpm x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ntp-4.2.6p5-2.el6_6.src.rpm i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm ppc64: ntp-4.2.6p5-2.el6_6.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm ntpdate-4.2.6p5-2.el6_6.ppc64.rpm s390x: ntp-4.2.6p5-2.el6_6.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm ntpdate-4.2.6p5-2.el6_6.s390x.rpm x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm ntp-perl-4.2.6p5-2.el6_6.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm ntp-perl-4.2.6p5-2.el6_6.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ntp-4.2.6p5-2.el6_6.src.rpm i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: ntp-4.2.6p5-19.el7_0.src.rpm x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ntp-4.2.6p5-19.el7_0.src.rpm x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ntp-4.2.6p5-19.el7_0.src.rpm ppc64: ntp-4.2.6p5-19.el7_0.ppc64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm ntpdate-4.2.6p5-19.el7_0.ppc64.rpm s390x: ntp-4.2.6p5-19.el7_0.s390x.rpm ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm ntpdate-4.2.6p5-19.el7_0.s390x.rpm x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm sntp-4.2.6p5-19.el7_0.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm sntp-4.2.6p5-19.el7_0.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ntp-4.2.6p5-19.el7_0.src.rpm x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUlOKcXlSAg2UNWIIRAvBoAKCfw+j4ua5JaIRMc5eKkny9G1yWlgCgufNc EvBImTd+Vq7//UExow1FP4U= =m/Eb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Release Date: 2015-02-18 Last Updated: 2015-04-08 Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. References: CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879 SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous HP-UX B.11.11 running XNTP version 3.5 or previous BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following solutions for HP-UX B.11.31, HP-UX B.11.23, and HP-UX B.11.11. The two patches are available from the HP Support Center (HPSC). http://h20565.www2.hp.com/portal/site/hpsc? A new B.11.31 depot for HP-UX-NTP_C.4.2.6.5.0 is available here: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPUX-NTP The B.11.31 image HP-UX-NTP_C.4.2.6.5.0 The B.11.23 patch PHNE_44236 for NTP v3.5 The B.11.11 patch PHNE_44235 for NTP v3.5 Mitigation steps for HP-UX B.11.23 and HP-UX B.11.11 for CVE-2014-9295 Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling noquery using the restrict command in /etc/ntp.conf file. Reference: http://support.ntp.org/bin/view/Main/SecurityNotice MANUAL ACTIONS: Yes - Update If patch installation on B.11.11 or B.11.23 is not possible, mitigate with step above. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== InternetSrvcs.INETSVCS-BOOT action: install PHNE_44235 or subsequent HP-UX B.11.23 ================== InternetSrvcs.INETSVCS2-BOOT action: install PHNE_44236 or subsequent HP-UX B.11.31 ================== NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 18 February 2015 Initial release Version:2 (rev.2) - 8 April 2015 Added B.11.23 and B.11.11 patches Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several high-severity vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team. For more information, see: https://www.kb.cert.org/vuls/id/852879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 ( Security fix ) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz Slackware x86_64 13.0 package: edd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz Slackware 13.1 package: 4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz Slackware 13.37 package: 294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz Slackware 14.0 package: 32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz Slackware 14.1 package: f2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz Slackware -current package: 5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz Slackware x86_64 -current package: 9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ \| To leave the slackware-security mailing list: \| +------------------------------------------------------------------------+ \| Send an email to majordomo@slackware.com with this text in the body of \| \| the email message: \| \| \| \| unsubscribe slackware-security \| \| \| \| You will get a confirmation message back containing instructions to \| \| complete the process. Please do not reply to this email address. References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239 SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Platform Patch Kit Name Alpha IA64 V8.4 75-117-380_2015-08-24.BCK NOTE: Please contact OpenVMS Technical Support to request these patch kits. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014 ntp vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in NTP. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295) Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2 Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2 After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities EMC Identifier: ESA-2015-004 CVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-3618 Severity Rating: CVSS v2 Base Score: View details below for individual CVSS score for each CVE Affected products: \x95 EMC M&R (Watch4Net) versions prior 6.5u1 \x95 EMC ViPR SRM versions prior to 3.6.1 Summary: EMC M&R (Watch4Net) is vulnerable to multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. EMC ViPR SRM is built on EMC M&R platform and is also affected by these vulnerabilities. Details: The vulnerabilities include: \x95 Multiple Oracle Java Runtime Environment (JRE) Vulnerabilities CVE Identifiers: CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562. Oracle JRE contains multiple security vulnerabilities. Oracle JRE has been upgraded to 8.0u25 to address these vulnerabilities. See vendor advisory (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA) for more details. CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the individual CVSS scores for each CVE listed above. \x95 Multiple Cross-Site Scripting Vulnerabilities CVE Identifier: CVE-2015-0513 Several user-supplied fields in the administrative user interface may be potentially exploited by an authenticated privileged malicious user to conduct cross-site-scripting attacks on other authenticated users of the system. CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) \x95 Insecure Cryptographic Storage Vulnerability CVE Identifier: CVE-2015-0514 A malicious non-ViPR SRM user with access to an installation of ViPR SRM and knowledge of internal encryption methods could potentially decrypt credentials used for data center discovery. CVSS v2 Base Score: 5.7 (AV:A/AC:M/Au:N/C:C/I:N/A:N) \x95 Unrestricted File Upload Vulnerability CVE Identifier: CVE-2015-0515 This vulnerability may potentially be exploited by an authenticated, privileged malicious user to upload arbitrary files into the file system via the web interface. CVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) \x95 Path Traversal Vulnerability CVE Identifier: CVE-2015-0516 This vulnerability may potentially be exploited by an authenticated, privileged malicious user to download arbitrary files from the file system via the web interface by manipulating the directory structure in the URL. CVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N) \x95 SUSE Procmail Heap Overflow Vulnerability CVE Identifier: CVE-2014-3618 Procmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers. CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS score. \x95 NTP Multiple Vulnerabilities CVE Identifier: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 NTP was updated to fix multiple vulnerabilities. See vendor advisory http://support.ntp.org/bin/view/Main/SecurityNotice for more details. CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS scores. Resolution: The following version contains the resolution to these issues: \x95 EMC M&R (Watch4Net) 6.5u1 and later \x95 EMC ViPR SRM 3.6.1 and later EMC strongly recommends all customers upgrade at the earliest opportunity. In addition, customers are recommended to review the Security Configuration Guide distributed with the product for specific instructions on secure configurations of the system. Link to remedies: Registered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM Credits: EMC would like to thank Han Sahin of Securify B.V. (han.sahin@securify.nl) for reporting CVE-2015-0513 and CVE-2015-0514. The net-misc/ntp package contains the official reference implementation by the NTP Project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/ntp < 4.2.8 >= 4.2.8 Description =========== Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8" References ========== [ 1 ] CVE-2014-9293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293 [ 2 ] CVE-2014-9294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294 [ 3 ] CVE-2014-9295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295 [ 4 ] CVE-2014-9296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-34.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201408-0079	Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion is prone to an insecure authentication weakness. This may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <securitymandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl NaJSaZq4W6qIMwD8fhQF5Ls= =R/mF -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2316-1 August 14, 2014 subversion vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Subversion. Software Description: - subversion: Advanced version control system Details: Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-3528) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libsvn1 1.8.8-1ubuntu3.1 subversion 1.8.8-1ubuntu3.1 Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.4 libsvn1 1.6.17dfsg-3ubuntu3.4 subversion 1.6.17dfsg-3ubuntu3.4 In general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:0166-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0166.html Issue date: 2015-02-10 CVE Names: CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 ===================================================================== 1. Summary: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision 1174054 - CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests 1174057 - CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.i686.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm ppc64: mod_dav_svn-1.7.14-7.el7_0.ppc64.rpm subversion-1.7.14-7.el7_0.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-libs-1.7.14-7.el7_0.ppc.rpm subversion-libs-1.7.14-7.el7_0.ppc64.rpm s390x: mod_dav_svn-1.7.14-7.el7_0.s390x.rpm subversion-1.7.14-7.el7_0.s390x.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-libs-1.7.14-7.el7_0.s390.rpm subversion-libs-1.7.14-7.el7_0.s390x.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: subversion-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc.rpm subversion-debuginfo-1.7.14-7.el7_0.ppc64.rpm subversion-devel-1.7.14-7.el7_0.ppc.rpm subversion-devel-1.7.14-7.el7_0.ppc64.rpm subversion-gnome-1.7.14-7.el7_0.ppc.rpm subversion-gnome-1.7.14-7.el7_0.ppc64.rpm subversion-javahl-1.7.14-7.el7_0.ppc.rpm subversion-javahl-1.7.14-7.el7_0.ppc64.rpm subversion-kde-1.7.14-7.el7_0.ppc.rpm subversion-kde-1.7.14-7.el7_0.ppc64.rpm subversion-perl-1.7.14-7.el7_0.ppc.rpm subversion-perl-1.7.14-7.el7_0.ppc64.rpm subversion-python-1.7.14-7.el7_0.ppc64.rpm subversion-ruby-1.7.14-7.el7_0.ppc.rpm subversion-ruby-1.7.14-7.el7_0.ppc64.rpm subversion-tools-1.7.14-7.el7_0.ppc64.rpm s390x: subversion-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390.rpm subversion-debuginfo-1.7.14-7.el7_0.s390x.rpm subversion-devel-1.7.14-7.el7_0.s390.rpm subversion-devel-1.7.14-7.el7_0.s390x.rpm subversion-gnome-1.7.14-7.el7_0.s390.rpm subversion-gnome-1.7.14-7.el7_0.s390x.rpm subversion-javahl-1.7.14-7.el7_0.s390.rpm subversion-javahl-1.7.14-7.el7_0.s390x.rpm subversion-kde-1.7.14-7.el7_0.s390.rpm subversion-kde-1.7.14-7.el7_0.s390x.rpm subversion-perl-1.7.14-7.el7_0.s390.rpm subversion-perl-1.7.14-7.el7_0.s390x.rpm subversion-python-1.7.14-7.el7_0.s390x.rpm subversion-ruby-1.7.14-7.el7_0.s390.rpm subversion-ruby-1.7.14-7.el7_0.s390x.rpm subversion-tools-1.7.14-7.el7_0.s390x.rpm x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: subversion-1.7.14-7.el7_0.src.rpm x86_64: mod_dav_svn-1.7.14-7.el7_0.x86_64.rpm subversion-1.7.14-7.el7_0.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-libs-1.7.14-7.el7_0.i686.rpm subversion-libs-1.7.14-7.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: subversion-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.i686.rpm subversion-debuginfo-1.7.14-7.el7_0.x86_64.rpm subversion-devel-1.7.14-7.el7_0.i686.rpm subversion-devel-1.7.14-7.el7_0.x86_64.rpm subversion-gnome-1.7.14-7.el7_0.i686.rpm subversion-gnome-1.7.14-7.el7_0.x86_64.rpm subversion-javahl-1.7.14-7.el7_0.i686.rpm subversion-javahl-1.7.14-7.el7_0.x86_64.rpm subversion-kde-1.7.14-7.el7_0.i686.rpm subversion-kde-1.7.14-7.el7_0.x86_64.rpm subversion-perl-1.7.14-7.el7_0.i686.rpm subversion-perl-1.7.14-7.el7_0.x86_64.rpm subversion-python-1.7.14-7.el7_0.x86_64.rpm subversion-ruby-1.7.14-7.el7_0.i686.rpm subversion-ruby-1.7.14-7.el7_0.x86_64.rpm subversion-tools-1.7.14-7.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3528 https://access.redhat.com/security/cve/CVE-2014-3580 https://access.redhat.com/security/cve/CVE-2014-8108 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2014-3528-advisory.txt https://subversion.apache.org/security/CVE-2014-3580-advisory.txt https://subversion.apache.org/security/CVE-2014-8108-advisory.txt 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU2pCEXlSAg2UNWIIRAmlpAJ4o2MhM6glIBctGbU52rfN8EZXCDgCdEIll KM6EsnQkXd09uLTe1k+tQaU= =CuZg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "6.2"
var-200803-0027	KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. If the KDC receives a malformed Kerberos 4 message, and there was no previous Kerberos 4 communication, a null pointer dereference will be triggered, causing the KDC to crash. If there is valid Kerberos 4 communication, messages sent to the client are locked using a null pointer; the pointer may resend a previously generated response, send some arbitrary block of process memory (which may contain key data), or due to an attempt to Accessing an invalid address crashes the process. If the process does not crash, a random address is passed to free(), which may corrupt the release pool, causing a crash, data corruption, or a jump to an arbitrary address in process memory. =========================================================== Ubuntu Security Notice USN-587-1 March 19, 2008 krb5 vulnerabilities CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libkadm55 1.4.3-5ubuntu0.7 libkrb53 1.4.3-5ubuntu0.7 Ubuntu 6.10: libkadm55 1.4.3-9ubuntu1.6 libkrb53 1.4.3-9ubuntu1.6 Ubuntu 7.04: libkadm55 1.4.4-5ubuntu3.4 libkrb53 1.4.4-5ubuntu3.4 Ubuntu 7.10: libkadm55 1.6.dfsg.1-7ubuntu0.1 libkrb53 1.6.dfsg.1-7ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that krb5 did not correctly handle certain krb4 requests. (CVE-2008-0947) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.diff.gz Size/MD5: 1460317 0090e30287f3448ed9babac78c39d5ca http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.dsc Size/MD5: 848 237125b6b35a1a059e5573d10fd7c18e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.7_all.deb Size/MD5: 853222 dfd657a08b13ce0f3916e49ab8e3ce28 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 190904 e9e05267f551177f3c7cae46fdda9565 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 768706 79270ab27ac164fc4c76822e1dc0be2c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 425714 d8467d288bf46cdfa35ba74e6aa0ff02 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 80378 b2d795bc82f8f962ceff0afdd11060da http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 223230 73161771034af58dc6d0cd0c4be72fa8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 60376 f0712ab86caf1d9d9e52ff3750afeddd http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 135158 34b51b738a69c2aeb9df20e0af93e9bc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 85274 265b8ad9968001e5c984743650d635ac http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 67600 bd5c7020310f1bd70f8dc98864c2961c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 129906 0f0383de4d51d8581a260021c3332f72 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 165730 8128a78d17cd98c4ccfa086b390af167 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 647222 96672590753337d39b1aadc24dac0531 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 381120 af9c45400c55b68778f3b769c238548d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 72298 754b91046e7e47bb0f2aa58cd2ca3797 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 187240 d7e5a8b1a077776309282bc328aab885 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 54326 1137dd0e4209cf7edb38ff327feb342d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 121564 9e36fe3a9567176b2e224a45e55017a0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 75920 cd8854a9ae911eaa1c82eaa945b3d175 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 58720 eaf05e05f40183c066e294bec431bc61 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 119078 67a73b248bf33afee23ffb885f5d2e18 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 177716 b834ad9d37a2e3dfa44d086c6dcbfbc9 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 752002 22dd063609b942c4996c56a3f74b266c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 395914 b4fde9f81a08aa112f48b38f1d7faf9c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 80530 7e55073ee6b67ba12f0ed48d0137e73c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 220582 482d21e5007a1876bf6af64e434b4942 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 59574 4f47514f7992a292c162f40f8a174ee6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 135962 0e23ea255a84c3a580e0d7e6b0da9546 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 85120 e07cf29268ba053833122cca9ed79d8d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 65990 3c4f25017e0760f4dd10404e604087a8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 134952 7096226ce8ce15dd20c6ed933888d56e sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 165278 5c8580725c8a200f24173d38dfce388e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 678538 4002d8655a43f5784d5e9c95bc5b4f76 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 368726 5ee45e24f0ac54d79a55c20674b2887f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 73042 672530bb7218c04a67e23d1053757050 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 197404 ea257178102f6b7732ef12538ead3e24 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 56304 855c59021874c714bd4e2605de10d5a6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 124374 7d8f7f84b2c1648b63129ba342389d75 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 76922 142ed0e2c119d596c5437ac8f9042064 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 62350 db681a03624a21a34425fea9f6fa9ade http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 120620 ebe2ddf8dc131cf6e3322e1cb125f2f3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.diff.gz Size/MD5: 1481707 dc6dd5cd6d4a125e2fa70b9ebc3f8b12 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.dsc Size/MD5: 883 8fdcf0af1cc631c882a44ae0214e0b6f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-9ubuntu1.6_all.deb Size/MD5: 853934 f3a7a044bedb974b32a46708774ec894 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 190826 7772b734a889ea97cf052de39072cead http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 1073390 bedf0987fe159bc38c30663ad966d0ac http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 772708 5cc8e489a0f6fcca17c3e0d8b9588879 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 428050 11b4c2211b18453bd2a662a297569f49 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 81790 06f349106755cc19cfb3f29fcc7228f8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 224408 59491e595a544a84463a6deec8305f66 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 61620 f58dcb4c09e4c96f3db5bfc8172fdffa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 139116 31943a9766f657fd47ac1aded48d49d6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 87426 1033408d2692b38926947f8ae85e1515 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 68116 291db335b868748c933a7c67e6add6a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 130628 a2cb3cd3ee9ede8c3c10e695fd8148af i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 173062 e15aa9368fc4e4ef4562a23cc1780484 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 1024998 798f81a00c59842cbc2c8ea8cd4b9a5e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 673152 671e72c1eb7645dfda924c77949610dd http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 404172 445f952e23f810f6de10773a01fd68ae http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 75380 0b3cd4b087f56ebdd527d61194cf7fc0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 196506 bff3435e0da9aecff7a26d73e712937f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 57136 3fafa3cd2cd2792e740c4d6976a881de http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 129352 7e190df154981717bf711697c5042cd4 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 80102 94a76cc7807e9d6598b4a452a7fbb738 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 61928 b7fdd344e683ce45be88f8fa43290175 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 122208 eb1ec6653d6d790e23dbcc14cd98f5f7 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 180126 f8e5d077ee06234bbb9881beb9d49f36 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 1076974 4752e5e87fdcd67fcb0f1ee2c35ddf80 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 758400 73ed6c35fbdcf1866a65a6198df8ca82 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 399112 1fdd3a0a2a45bd410a1f4e72713a0e1e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 82420 446cda40d1590c088e2fc83118a58e13 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 223182 8e6f5f3062fe3cfb113db73bc8a1a89e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 61826 b4ad931a1a1d48b668a972893502cd67 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 141210 8892626a667e0010a0cba8fe19df958f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 87318 c7306114bbb195c221962abc469a1d42 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 67222 b99ea3def960bdc849376c508e263f0d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 136888 1c651e27011fa9c25ea87960b40ffe1b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 167176 0f2f57754f3e012257a6fef890a23767 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 957816 2ef6010c70801e7b0dd5e633a08e3fac http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 685238 a68016ffc9abcd0eab3f7f1ae323e83e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 374074 d5ff62adb392f5be8b29c2e1056f6f92 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 75210 9611a07b489b518605a9550b27b3dd7c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 203684 89d989c5db437eba6e9e56fc9bf7dc93 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 58980 b9d7f11d5c491595c90006ae7c039935 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 129664 acf15ad70331066092154952cbd7754a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 80428 8409c34ee32612d48e8936618118bab7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 63612 64b2987c2aee57159bc092c5fe37a25b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 122730 95db549e03f3bc30995d566f8ea7edac Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.diff.gz Size/MD5: 1589880 e20eef948656a29a255b557af6e7817b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.dsc Size/MD5: 968 971223b33ae8631f013c20a3c8867805 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4.orig.tar.gz Size/MD5: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.4-5ubuntu3.4_all.deb Size/MD5: 1806176 c34d13b6877a21c426a85719a6ecf6a0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 194368 2b6345b614c38e353a3ec4abd2957e6d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 1076886 d4e2d9d77afd78df99d96a6541730527 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 772608 c3f93d5b94e84df6faac86b701f9836c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 436580 f7e6430bf6f628592596b44e7341af30 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 83772 ad232225b5bbc88f1e0f5bd55916de24 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 226770 34e47342c392be9006254e15fc0258e3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 62258 c71fecc4d7bd6e3191c08a19cbf07aa5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 141840 33ec180078e9b8e1f80fca5f26c1d558 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 88380 64572d633f1a84999b2205bd6958206c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 68890 dcabc2bcaac75b7e226c9090a82207a0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 132614 f129069e4dd68ccf7801c717603713ef i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 176870 9e0e200bdff3119ef8488f9a5bf62e7c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 1031008 8a80209f195b2eb787236e0dcd8aaa23 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 672020 7b5b4e1643b5802b2bbfab006d0e6d7a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 412036 213c308bef9eaa6762ab755da6e7442a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 77328 295e5ed2c0c2366fc6b3d343607ae431 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 199040 1b0a50f1bf8e421d9838acea254c6c26 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 57780 96ae66401532d513b4333c3429f6e2eb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 131900 fc29493488e6311a94cfa5ec2c5ac7a8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 81008 0c2bd14ee6534cad097d5d80200cc94a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 62650 8d1f1316f52fe066626f0fde07f8b990 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 124088 de985ccf04486e2043c2324affbb18af powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 194590 f63db5ccc5825220d5014b1d7eda0ebe http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 1082008 3501eca4bc0d14b39fbc662ee20ab7cb http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 757006 169816425e730c69266d39518fb718f8 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 429982 24a79674c75e6f9731d34468ad86e27c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 90254 936f19b572498c2de200fd3e323657de http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 240274 eb844e20839937a3ccad330429ba1840 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 65452 dffc482a088d83a0100e78e69f332bb8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 153794 308fc25b452cb374f7b45a472784761b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 96692 9566a692d6f8a6d47e9f60e25d13927d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 70680 4949b60728fc08134113f744738a293c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 150262 dbf317c0added0c3faae6710b8026fc8 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 170940 967a1344994914065dc904da571a2aef http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 965784 bd503df54b8c9afcb4e5a6a375ce7fa8 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 683396 939cb2731116dc8718ea4ebc996b5c7e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 380910 5b46d8169ecc2409caad5dd4feacdc2b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 79084 e3da961bcea67ff2c217008d141075cf http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 210904 688aeb4162f4dcf86768ddd299cf6625 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 60996 e20fcf5e2b4bab548fe8e0836aff86eb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 135846 55612458a19bd82331991bbb672f74e9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 84546 f1fc527ed376549516113ae94ca7d0fb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 65282 7726043628cc103faccb839be0def042 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 127130 edddba0066c5bab862847c750a231a51 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.diff.gz Size/MD5: 1674637 40fa0c4bdf307c7e5d9509be9870434e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.dsc Size/MD5: 1044 2c6766c8721cf2e3caa259cdb5badf10 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1.orig.tar.gz Size/MD5: 14474321 8f8d6a494380f01a7a0a9236162afa52 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.1-7ubuntu0.1_all.deb Size/MD5: 2076606 1c021446b5f479717a4998df0f87f205 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 165034 78f040deebe1683f8966347e9896fce8 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 1308970 04db0004a99e7e0d01b37d922f47df1e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 88606 6509d222135bfaa05ebf79db1f63c2a7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 493016 54a329e5f8464d5f519ac225f4d5d778 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 87824 cac8d5d1297bb71c52a877cf0b85c393 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 228534 d6c15467cf49d74831ac0ea494eec6f9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 65864 563aaa90bffe6ff07ff8db56cff826f8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 185182 e1f4910f7b6fca6655696a0bb7169d7b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 91334 c1c20f704f98f19212cfa70ac9edf193 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 72950 de7748ddb5f7cd3f0744eb77770fa3e0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 137592 99c3b6d671ae7f0439f379d5b2688659 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 148364 a3e27e81c7e81f627d05c708faae402d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 1266912 2696e89ea8cf6e857e36ee740fb65ea0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 88624 9970f2076c76427dd0cbf217b6a6bba0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 462068 bd3623332d7737858d0fe5918ef8838d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 81192 d4a4e0e7358f626abc0dbb81575071f6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 199624 5a24164123aaea818f2d40c41186fdf7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 61098 8cc21c42ff5dd534f7158c4c750a498e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 172178 319f2ba5ea41bb97a125049f17154ac4 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 83634 049a305ea62a45ec23b65dbcd04e85fb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 66538 a0c51897ca2c55ee7ec2447465121f5e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 128624 df48b843cf7ab20fc4696d36bba2fe6e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 162676 0c11613a3d49190eb92074c27833f4c6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 1320150 c2a537a9acf0ebf7b08764506136d37e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 88634 eedc4522ba18dfed6fd2483cf8dd0379 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 482868 4d015493346726e61cd0cf9525e2b1e5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 94492 50526cbb8952316a7b9195edcf148fd3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 241802 99608692096cfa0e88372013a1b41517 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 68960 fc1d60376ba03106488b098f4b5ea624 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 198522 24b5f7bb74e3d978888dd1cdd065f881 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 99412 ca441f559a1e11b55c3ef52c54ede8ca http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 74666 0657bf76d80f969330c5391d65291baa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 155750 967a3ce3bc4fe5383a2a4f6a54ac686a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 145672 b78635a0dbdb4d4d76c7e6d7ee4cb2fa http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 1200060 c280c5257a62a657ba79ac09ed62e4ff http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 88620 9b75ff80509a5b3435f7d6f30b19ac9b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 431168 3c7606d6ced441110ab47b16de3542fc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 83030 cc47e0b9c435c5802a2352cb203c435c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 211104 bed40b53469b42c5a65a1f0640ae4d2f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 64404 13877024ad747d0ce0a696210217f170 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 172948 8fd8903c9b1caa12ebe73c7c6f86de98 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 87474 c3f94c62f987a7a6d50f9d5344e59cff http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 69196 97040973c460c004ee83b7ba19ddfc88 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 131692 c12abe7485457bcd0ebe5cf3ecfcc850 . It is theoretically possible for the exposed information to include secret key data on some platforms. For the stable distribution (etch), these problems have been fixed in version 1.4.4-7etch5. For the old stable distribution (sarge), these problems have been fixed in version krb5 1.3.6-2sarge6. We recommend that you upgrade your krb5 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (oldstable) - ---------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz Size/MD5 checksum: 6526510 7974d0fc413802712998d5fc5eec2919 http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.diff.gz Size/MD5 checksum: 673705 93382126a3c73ac44ed7daa7d85f166d http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.dsc Size/MD5 checksum: 782 0391aaf485ef1636ef18c6ba183c3fbe Architecture independent packages: http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge6_all.deb Size/MD5 checksum: 718916 ca2fb37b53a19207f1e1f1de90c4c1f3 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 137834 d43e9d3f3ef65fe8c8cbbb7b5dcbd144 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 177730 947fb82dd795f9272935ea4cb027e543 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 124864 4f1d0aa9d18013023f4a9f2b9a10db65 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 104886 15037693de0d9dc27460d713b547872a http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 63606 c4cfe2b01bfe0b579b216210817c4fa3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 369420 c8d1eaf98400880ff82f727fe20f90cd http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 82806 30230dfe2605b88fdeac8811d408acdb http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 57048 741292984684fddae11e130dcd388161 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 652378 d8f3493f4354e0b3717ffc72d6592b88 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 216990 0df13c59411cf57b86bd94e250cf458e arm architecture (ARM) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 115684 ef39b71c5ecf4187e24d27c1111c9a54 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 633330 08566aa29ab8d56e26070137a16731a4 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 158874 4f60129aa092ea3d750deb168299abe7 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 54134 e23173f4ad3a59af03fbab0369a714a9 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 58252 255394fcc06d13b6dabc2e87c91dac02 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 198848 aaba0529c817ff11728515f5a116f71b http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 126814 85d31333aa01c4ab1f7b14ffaaa4c08b http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 74940 706b7cbfb01d66cbdb371a9019b3f725 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 329190 a661364db9bd2d5c5340a0c6a5c939f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 93938 04dc96993c79d0113a0626a4439c8cbf hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 125154 afd4a9608fff5b1b3e793881bb2c9c2c http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 64286 b85cf8b5680c12c093ff34150623a3a0 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 59368 3df43bbb40e060d0522495ff3e78412d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 669644 50027bd1d314e911c4a91647989fad1e http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 104948 a013d1818ed8d6dd7d75a8ac11e795f9 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 187304 401a8e21722c104f3d3aae86cf3640e9 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 383876 d50afad26c9a0416fe47dfdf5ff649f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 81992 b6c84f121f66616f578b13a3f0c654ca http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 139202 4972377b638f980ad757128f14132874 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 224154 8a8436e210dd8892487ea482a1de6522 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 116324 445bced4eb764a78e51b68e4d7558363 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 574784 40fa136876b3219e55de089340c0c85e http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 52890 a6ae74be5b338ab7f215d0846353833e http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 165726 4b2485d3b8a50cd61ffcd2e0748d70fe http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 349416 2f33d4592484a2adf276fd29cfe9d728 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 127878 7232e14b8bc1d78fa4346b4ed393a3b9 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 95656 00f7666dac13adf2a7bfc81c9d801f2f http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 191526 d8613e5a3d87838ee7155f54c1c12f3d http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 57762 2baa509aad5f6b837753e5a3e65e63f1 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 75890 5e52830c36794bb8ed2cdd14611ec690 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 134332 473be671406f747295c4a94d3f2ca3c5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 289396 c95c79f18a2a8cb78131a35073c09ebe http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 890018 a9ca82650f5f96ac66d2b4436b0d1345 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 167350 f448dced91316668c1d33d6a0776eb2c http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 240384 5dc95c9ea35a7b052041e177114c5acf http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 79982 8980a39a06eeca5ef5adb623786742a2 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 73692 039a88dc8793fa4de6e461408cde62bd http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 105008 273a9dbaf7a4882f39ebd9de527f76fb http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 502382 97f1d32991c1778752bad887f4029990 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 165288 7d2e3c354cc50db22fc34a396902690f m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 71116 2f35c57d9f24856b013e27b0eef24a25 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 516020 203205bb2e6f66161c2aa98746687190 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 49768 39d4529ec4e27e2fdc75de762c5643fa http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 107660 0659ab018fbf062504348fc63ef97cc6 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 147864 b86ebef3ec1541aeabc20be31e503049 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 305872 1fc4f6385b5196c1c892731eac06f5b3 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 122106 c60b71edc9196adda91d40c4b84a908e http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 174180 6d750c072a8d641bd661ea5c688199f3 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 53478 74055ea66e27e24d79c824691da8fe0f http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 88692 074a5c747c652e7ce8d911077ca5586c mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 145108 f432457761497dcfd8e1ba6fe7ac43fa http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 164386 512e3b183ffc5f121f82981f32235377 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 57750 d827cf9980ed4eba196dedf93e7d9b5d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 680860 b4718176172f14d54d2a4662ae28e534 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 128738 a9592a522e7cc0f6db4c121ac04db438 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 65060 9b5613121aff8f341cb2dc3786b28d78 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 103404 eb3ca8cddb900bd4dfdb10b67ca9622c http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 225708 d09d386a5705b48584ffd51b0127883d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 355178 359ca6a220b6a9e7af7b949e7a64fb5d http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 80956 407fec89580608afebb4ff89d95bdf72 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 146678 76f8820a81a1c068ab60348f1302d087 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 103808 db8b0c06f58646093ca80554061cc0d1 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 65266 c27b18832cafb60109ba97e529706a53 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 226540 0ddfa3be4f63eeb0066682928c193996 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 82060 2479f67cadc3533fb499507fc1977b5d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 355120 d1644230bb4cc0788a04f5f0c8eb961c http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 58164 5dcd7db602701983272b2fbb0db88864 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 130098 472042e34a7ac48352205df510767ddd http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 165632 3074194d27a16bd4e737a9462d6a217a http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 682776 b0046283d8860fc6c8fe968b335ff463 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 61758 9496fefe85772ad549b84ae523c56e77 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 217812 c5aa73b8513a3698002cc3cedfeff012 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 105320 3677c003bd4c271bbe3daef5cf8f52df http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 143838 61244dbf640bd19ee1cc738ee7b44b34 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 57018 9afa2ba534be545b9d76d1f69c8e5468 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 165746 74c29add119101782727226dc9200db0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 634906 93dd67378ead6cb763cc304516cbf632 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 353104 c5b16a1f26d01435b2bcb540b5b97730 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 82702 f728717a6a25b233526ad69934e376f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 126246 da0e3adca803929ae44fad884949cbe2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 214176 9c4b2684ce790d6544d078efde32f5d3 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 132996 1ed627f09d5b25bb3eaaaa4148207d7f http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 63428 332d6f0c94eabdca1df666a3ec0c6184 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 57214 f518a8dd4336c3916bb8c533bd8b6301 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 624898 27ed5f1406b97c3a429ed6cc41a5421a http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 99652 0e49258823390960faaf06522ab8f1cc http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 376188 ec0fdc218fbe9c53fa5aaec87667b5a7 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 82370 3a26a1e22c24add8b16498a641444a77 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 180336 34967e4eb80a75b18a23a9f3bf05bb5f http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 121318 883136f99bce1a8f9f413dc3d68f5762 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 576786 3c142ce93bd9b408ea9a6d6046e3d067 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 58950 91be8dfc1160f334f0ed514eaeddb3c4 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 53520 89ceeef920ad596b129365a1f6876818 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 73596 cca4a24557097c3be9dc611d686d0688 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 93348 0a954f5b7f637eeaea3b656699314b99 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 114068 e7a1986874465f458987516f27a705d1 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 157712 2c8a0b75fc4982ee9265d2dd8cab2cc4 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 126780 d6faa238b06d1ff65c6b20b54c7b4fac http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 194584 39322280b333988d5cce973c7c00cdad http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 330436 27d8b24e5a2bbb57d8078c7b1d391d53 Debian 4.0 (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.dsc Size/MD5 checksum: 876 e8f30ac6b710091985a2b669632ca174 http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz Size/MD5 checksum: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.diff.gz Size/MD5 checksum: 1590551 c7d7bfb6aa34876ec8b5d0767ed65c2d Architecture independent packages: http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch5_all.deb Size/MD5 checksum: 1806352 0e3b03d93b1a62a41f9d004d3f6a69eb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 76136 61c8f8b99cd2c5e08fe20121d5a33119 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 461032 12fe64d352941f674f01b875532ec91f http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 91648 ee8cf04beb8687f4afc0684fbed232e9 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 1087614 dc627be2679028513f541ab0db184758 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 245650 57d128cab47e74d75ad56da8b81866fe http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 154868 4cac528d66a64df26a385bb15552061c http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 136110 a0d904994baba8064c640014e238020c http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 216328 7e96a8117e5397282f9027dc99fee308 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 89690 a14489d539fc5274175e92b8c1f99cc4 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 65866 c153e17e3514e566d1b719bd4941c3f2 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 1017046 543b2403aee468ad0a1692708de9a587 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 83852 4e7e51683f130dfdbaaaa2b6bbdfd70b http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 61474 5ed45d3180ad5cda0839f53d8d9fc716 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 768634 4f227f866f481d0a11a90b1a41d14bbb http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 141926 5944b339ff70c630a2d04026dc8a436c http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 68170 d5b5cc9a99c26889dcf685f88cc92a9a http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 129822 8f01b6b85827382fcb2ac54b561a1ec0 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 222262 b16ea5bddeb302c73844a465d5b27020 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 1072208 5458abcef1aa9174a703a51d9910bf42 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 190378 b663d232374d5d8ea6a1aeb6596e1e66 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 426424 39665f5600ac062e43d78823f79016a6 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 86108 786e35f5915b137445eb034ef1f53eee arm architecture (ARM) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_arm.deb Size/MD5 checksum: 1013602 3087dae461053141fd9099ba1bf1f520 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_arm.deb Size/MD5 checksum: 63418 6d76005bc5336972fff07aa9961bcbca http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_arm.deb Size/MD5 checksum: 682712 20f548e7e7fe59ffc450c46c58b73fd1 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_arm.deb Size/MD5 checksum: 136110 b1774fea7cea371790dc1d7b9a293395 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_arm.deb Size/MD5 checksum: 173154 785af0fd07d78658edb4a4c25082ca22 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_arm.deb Size/MD5 checksum: 59834 e369f2b68c8090e91191718d207da76d http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_arm.deb Size/MD5 checksum: 206238 c69f58637e68a2d455750e32b5b770c0 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_arm.deb Size/MD5 checksum: 390054 b972d264ad97b69120ee4e4d898f3055 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_arm.deb Size/MD5 checksum: 81426 82979ab1f34edf407dc1a32f4be2a911 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_arm.deb Size/MD5 checksum: 123540 f9534a82bfa054018029c9a3934fc121 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_arm.deb Size/MD5 checksum: 78826 62163e751d27902012a16758fbbf67e0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 1050680 8ea8f26032837464c794e615623ac59e http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 87564 ec92090e89dc2c03500c52cbd188e4c3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 441724 6cc26ce6c3e4fa233222786b15bc08ac http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 64206 fa4e68946117f10d2dbbcea75fabe5d0 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 132802 23e6e453b5943c8df76fd87a18fe2182 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 85370 9011819683422a091d363e0d0064e82e http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 815220 652f24a16193c3d8bf9f128000888850 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 145028 88cb8fd42c037cca495bb200a8d5bacd http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 69692 0ce8e82456cc62420ba31f7ce0aa3a39 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 201216 b7aa6c970117a632b2e60d14829ba7b7 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 232082 7a823371e31f4b3e937a4e9d7a83d09b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_i386.deb Size/MD5 checksum: 80306 8c8461beb8bd866080134bf1a25ef557 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_i386.deb Size/MD5 checksum: 62446 22a83f7567df841b9f34ffc133534a64 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_i386.deb Size/MD5 checksum: 133360 5e72e490c20ac03f49b7fd6921047048 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_i386.deb Size/MD5 checksum: 680166 991c24aa3b8e2d82f07e49865d70119b http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_i386.deb Size/MD5 checksum: 408376 f375a2157e2b1de2eadecbb2f03c8637 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_i386.deb Size/MD5 checksum: 174112 f9efe4ee2c52dba6806f548d778e0f53 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_i386.deb Size/MD5 checksum: 58050 b99734e1b92043a8cc816c588b04fce5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_i386.deb Size/MD5 checksum: 196558 0b03b5d3920efa1c5efbf8cbe3901f15 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_i386.deb Size/MD5 checksum: 124206 21cc6d63e1eeaeb9deb70e227d61d84b http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_i386.deb Size/MD5 checksum: 1037936 a1a2470171c5403563ed285be9caaa9a http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_i386.deb Size/MD5 checksum: 78598 80b9f57c39a90e17b67480271ec8cc2a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 305920 940370e13598d9c00b123f97aa3f09ad http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 164602 6dd81cf1a5487ad63e2ab3cf1ce342f1 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 112994 4ccb79847d301064e5e6496f2577b5e5 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 80324 88cc01f93ed8fe3b9c9861176050f004 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 105592 8745ddb42d7cb7afb95ef4f946a26c60 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 1088562 0d2cdc97965b7827a78bca972aed38fd http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 91338 40c9d44d05f3262c1a5d6950c4255e16 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 269600 4acf36a3831bd4d2bb0af4d9130d0f27 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 1043576 6e487c186d462bc98b8ccdfbb5891324 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 190500 4cc37a9cd6bb13da4ca73f87b60738d3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 592208 ac3bd63fc244d99757d33c8b8fa8f745 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mips.deb Size/MD5 checksum: 71184 99f78076e71ddc74b7809de695945048 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mips.deb Size/MD5 checksum: 128534 d08156f659ccfaa953e612ab0f1be1e0 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mips.deb Size/MD5 checksum: 86416 a0ccc69288f43974099646a0b4df2702 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mips.deb Size/MD5 checksum: 807408 caa736a161edf63d4b7b0200642293cc http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mips.deb Size/MD5 checksum: 81794 820abd7cda885cfbcd651eeb819b6ea2 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mips.deb Size/MD5 checksum: 176908 eb82211002e6f5fa451b8c6fc72cd8c5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mips.deb Size/MD5 checksum: 230468 6498dab212c73d4c618a77b105d40302 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mips.deb Size/MD5 checksum: 389766 cb2be7e8aa8890f3011c7721474048cb http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mips.deb Size/MD5 checksum: 145004 1d8436cb03bf8df56127ab37a1787096 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mips.deb Size/MD5 checksum: 62920 610d234fcd0e209b0d2e6c0f3be39f6b http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mips.deb Size/MD5 checksum: 1112710 5b98f43fa267c04b32bc96927ad868a2 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 87478 dce62567d27548de56ad38615fd5a8fe http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 71596 8cfffdf23386228753133a6d675a75dc http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 131106 22011c6b9dfeaf6318baffbb40b4b005 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 63834 9a2e78369d8fa1d0d8688eb48e443518 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 810348 c36eb2099ac9fd31e57d5693ec8eb92b http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 82652 3699856d5fe3d28c74e0e66469d05859 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 1087382 a5cac22f1da48cbb4c80f7f736b70b2f http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 179494 4a1d3e8cc558c330b9f4a6bded87913b http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 145716 1f45bb37dd7e13ea4c6b21f52c43c657 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 232788 88bc4c67b09b541769a7a00abc5d2688 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 391848 05272bb8eb78e5e3fa374c9cb6597403 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 222776 d87408739c95de5b207a88550278a0d0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 1083104 a5a89067cd381199a75e9751be977884 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 143844 488e4411a9d507c14961e8c1a867a18b http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 84364 fd1d52f855615c98fc8d207dcea36d2f http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 137308 16ac4ae9b3a4eec6e584d4b9902771ed http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 399370 2c4951062f1fa124af1a36a8b0c1e761 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 86864 33e72918f1ae2f968537d4e3328237b8 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 67384 3547b618672d7e775018128fa421551d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 753506 cdc2c41be06d280160c3f7ee8b7f3417 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 61930 dad1ac368a357004137a4beaf0a4f8ba http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 179574 499b4b287b5726f7a8afea620d5606c5 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_s390.deb Size/MD5 checksum: 63392 7e446e33886543cc1432026dbde49ea8 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_s390.deb Size/MD5 checksum: 87886 02735411cb4acaa71b8aa72bf7d9683d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_s390.deb Size/MD5 checksum: 438990 5aacff7c6ec54f708cb98fa0718bfcc0 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_s390.deb Size/MD5 checksum: 129266 31c153db1328ee93b97e64bdb01a3cc3 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_s390.deb Size/MD5 checksum: 195506 d3175c75393ac80363919b170e1446e0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_s390.deb Size/MD5 checksum: 1073530 ac4c767b43f20d304e9683ebfddf3a68 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_s390.deb Size/MD5 checksum: 224438 5a59744997773137c0409af842e7fdf0 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_s390.deb Size/MD5 checksum: 68782 57ed0962a4cf4f2f7c7d60edf52449ed http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_s390.deb Size/MD5 checksum: 140470 8fd23a0ec4c4b5c81c48d7b0228a5fa8 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_s390.deb Size/MD5 checksum: 82118 7a84a0ceeb5110380a231be90d6f36ce http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_s390.deb Size/MD5 checksum: 733368 6a3ea5e404cebc11888aaad6fdc2cedd sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 131724 561314d157da780fc7de7c06524e8a3c http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 77124 6de298978f0404514a0b16d863efa276 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 961534 754258b22c1eaf83c3167775c3138a58 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 372674 20c48448253a262988a3ca876cfb2931 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 123040 00e2f8c76353547804f9ff516de1f65d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 680434 6bf7c8d82d481a8d6d9d784f5ed617ec http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 58242 f7e89e959e30e2bd36ac3ce1191a7711 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 63800 21beab0b247e7bdeea2004876f388c59 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 166710 b5127d835935bee8ce49a1154e5fa2eb http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 200282 49524ee10fb4d4e7be223a1f25dffba7 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 78204 2462352e5493e856bd8a784ca49f95f0 These files will probably be moved into the stable distribution on its next update. A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 64c3f5c31177dcacc99b021ec6ed1271 2007.1/i586/ftp-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 11b4194bc9edba8c0951e44660ba9955 2007.1/i586/ftp-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 23794e6e0cb1d46a329c42a04f672c5f 2007.1/i586/krb5-server-1.5.2-6.6mdv2007.1.i586.rpm 0fbb29bd81c8452d937d30fbbda62242 2007.1/i586/krb5-workstation-1.5.2-6.6mdv2007.1.i586.rpm 8f4eea60bf4ea3bfc776f1c117ceb26d 2007.1/i586/libkrb53-1.5.2-6.6mdv2007.1.i586.rpm fd5b1da0a056d995011d2b1a692e4292 2007.1/i586/libkrb53-devel-1.5.2-6.6mdv2007.1.i586.rpm ca79ccbe3f286b9069f0ae028d9816f7 2007.1/i586/telnet-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 8a7c84f1fe1bbb5338723f28d12a9f21 2007.1/i586/telnet-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: fc02060b7c1da08c33952e6c14fb5627 2007.1/x86_64/ftp-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 513fca34bdd1f2a5643a8e6adeb62e0e 2007.1/x86_64/ftp-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 4f42d639753a885212e6d62bfe84a121 2007.1/x86_64/krb5-server-1.5.2-6.6mdv2007.1.x86_64.rpm 6b2ca028321fb08199be20a4aedef4a0 2007.1/x86_64/krb5-workstation-1.5.2-6.6mdv2007.1.x86_64.rpm 4d453dc2a579e74e29dfc052197fedc1 2007.1/x86_64/lib64krb53-1.5.2-6.6mdv2007.1.x86_64.rpm b22d9f1b515df1a5270d2d4c373b7dd3 2007.1/x86_64/lib64krb53-devel-1.5.2-6.6mdv2007.1.x86_64.rpm 21b245649de9e38e43782bd1a18922a7 2007.1/x86_64/telnet-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 1322374ab1c15b5c1392ee4ae5f915e7 2007.1/x86_64/telnet-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 3ee5a309927b830bf8559a872161384b 2008.0/i586/ftp-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 1835baa43ab27aac2493dc7821bafa8a 2008.0/i586/ftp-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm 5e8369c201ac4678a7bc46590107e45f 2008.0/i586/krb5-1.6.2-7.1mdv2008.0.i586.rpm 94277e76faf2b75553c2e6250e428a43 2008.0/i586/krb5-server-1.6.2-7.1mdv2008.0.i586.rpm 695d5b85347b906401433fa55177be1a 2008.0/i586/krb5-workstation-1.6.2-7.1mdv2008.0.i586.rpm 4696cbae0ce644c265b74ff4ce59a865 2008.0/i586/libkrb53-1.6.2-7.1mdv2008.0.i586.rpm cc8122a1c6a3449fc41d3022bbdffeb2 2008.0/i586/libkrb53-devel-1.6.2-7.1mdv2008.0.i586.rpm d5e75835b35e81a3f7d038e501dabd1c 2008.0/i586/telnet-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 072b5ba782fbd1659ed8bde15bd11b5a 2008.0/i586/telnet-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7a8c1c390b1d1a0b2a8fe28e8fb6a458 2008.0/x86_64/ftp-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 9b312bd49bd858d00d00ec299866a275 2008.0/x86_64/ftp-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 19f7d0590227c4cc636ee5528db8027a 2008.0/x86_64/krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 6a84bc19cb8e32f7331ce4c1ed36dc9d 2008.0/x86_64/krb5-server-1.6.2-7.1mdv2008.0.x86_64.rpm dabaf97b9b36316dc2b69e9edc953793 2008.0/x86_64/krb5-workstation-1.6.2-7.1mdv2008.0.x86_64.rpm 2810bbed78b7480ff48b021a798cb5a1 2008.0/x86_64/lib64krb53-1.6.2-7.1mdv2008.0.x86_64.rpm 734b018e6b05204767d07a7d53ef2c3c 2008.0/x86_64/lib64krb53-devel-1.6.2-7.1mdv2008.0.x86_64.rpm 787fb5ea70eff84b91eea5d68c1e956d 2008.0/x86_64/telnet-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm d6224c005bc7c818c117e3fc61643840 2008.0/x86_64/telnet-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: krb5 Announcement ID: SUSE-SA:2008:016 Date: Wed, 19 Mar 2008 10:00:00 +0000 Affected Products: SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 7 SUSE Default Package: no Cross-References: CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 CVE-2008-0948 Content of This Advisory: 1) Security Vulnerability Resolved: Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The krb5 package is the implementation of the Kerberos protocol suite from MIT. This update fixes three vulnerabilities, two of them are only possible if krb4 support is enabled: - CVE-2008-0062: null/dangling pointer (krb4) - CVE-2008-0063: operations on uninitialized buffer content, possible information leak (krb4) - CVE-2008-0947/8: out-of-bound array access in kadmind's RPC lib 2) Solution or Work-Around Please install the new packages. 3) Special Instructions and Notes Please restart the kerberos services. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-1.6.2-22.4.i586.rpm 53f6c9b454e27c47ec4cb32679757c48 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-apps-clients-1.6.2-22.4.i586.rpm 66ee0e785595b000842c5cd2c9162c55 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-apps-servers-1.6.2-22.4.i586.rpm f3fba89b56860b8f46691c69bba8b3c7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-client-1.6.2-22.4.i586.rpm 193a8298aa8bb866e19e0c48f23e523e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-devel-1.6.2-22.4.i586.rpm a9b01b5c846e02c588664cddcae4c5c6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-server-1.6.2-22.4.i586.rpm ff536136c01b5f900aebe6fdc1ec62e6 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-1.5.1-23.14.i586.rpm 5764e87b834c6a5b8a467fa6aa8ec40e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-apps-clients-1.5.1-23.14.i586.rpm 94db70009c4c6e099a9807584c701686 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-apps-servers-1.5.1-23.14.i586.rpm 5881c8be92dc3eb215a1e837b6468922 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-client-1.5.1-23.14.i586.rpm c45980b430614c2371dd1ad4f8d21a34 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-devel-1.5.1-23.14.i586.rpm 1c6a45d60e5eabffedc2c1e3e755ac73 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-server-1.5.1-23.14.i586.rpm 03793b23aced1c01d9e2817648d7c777 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-1.4.3-19.30.6.i586.rpm 51d1c53aaf25a36dd1e2e74662cbabd9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-apps-clients-1.4.3-19.30.6.i586.rpm 6b4d89a932988685993dba1e87aea95f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-apps-servers-1.4.3-19.30.6.i586.rpm c7ff44ef5a8453d5223da71d670fdea4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-client-1.4.3-19.30.6.i586.rpm bc0456ed7708ee3ffdc2501e849e9dbe ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-devel-1.4.3-19.30.6.i586.rpm 9942cbbfd032ea80d8a20daa34ce5374 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-server-1.4.3-19.30.6.i586.rpm d4596d47caafa6ea4ee4b4f4e218f831 Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-1.6.2-22.4.ppc.rpm f0d1399edebb3e1d715d84568065130a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-apps-clients-1.6.2-22.4.ppc.rpm 8e444214994c1e7297b5332d96967ec0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-apps-servers-1.6.2-22.4.ppc.rpm 2eecfe960c969bf3a3dcce2fcab010f0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-client-1.6.2-22.4.ppc.rpm 8052a7d7a942545a46fa5e962c562ab8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-devel-1.6.2-22.4.ppc.rpm 6a118f48123ebfc23715bf797bf8b7d0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-server-1.6.2-22.4.ppc.rpm fd8f73d6d8757d9ce3dea43997b56b0c openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-1.5.1-23.14.ppc.rpm 04289bb24041d226f27eb92025b25463 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-apps-clients-1.5.1-23.14.ppc.rpm 731ea1ef473c0d1c8990a8045a9fe587 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-apps-servers-1.5.1-23.14.ppc.rpm f911f86a0d2e8c9da16930525bd8b163 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-client-1.5.1-23.14.ppc.rpm a4c560015bbaddcbc88603e1e194146e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-devel-1.5.1-23.14.ppc.rpm 64d0f163ebff972f2e70c6cc4d760555 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-server-1.5.1-23.14.ppc.rpm 8b06dc5e5ac5b3fa410559017403378a SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-1.4.3-19.30.6.ppc.rpm ae1652f3ea622c5c91b0fd1d47b066ef ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-apps-clients-1.4.3-19.30.6.ppc.rpm a389841f387e37732c80d9d5095f9ae6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-apps-servers-1.4.3-19.30.6.ppc.rpm cb6b4e402570e45767c5ae7a5c26e34c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-client-1.4.3-19.30.6.ppc.rpm 3a2c13bc932e84f7a451f3a2c77c99f0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-devel-1.4.3-19.30.6.ppc.rpm b34f9511e269e0dfc2896ac88cf41cce ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-server-1.4.3-19.30.6.ppc.rpm 0263cbb8f0f41e50dacfed082eca0835 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-1.6.2-22.4.x86_64.rpm 6df39c9ddfb04cd4889b5f4bb271213a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-32bit-1.6.2-22.4.x86_64.rpm 77ba221640964cc90ad8e0010ad5c07e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-apps-clients-1.6.2-22.4.x86_64.rpm fccb50e18045baa2c78165f20eb13eec http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-apps-servers-1.6.2-22.4.x86_64.rpm 3bfd6270a31f2a6a35728bcd274ae327 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-client-1.6.2-22.4.x86_64.rpm 53b3634e9e92255b62a932ed6d30742d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-devel-1.6.2-22.4.x86_64.rpm 54071b2e12004117b0599f53c4a6027b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-devel-32bit-1.6.2-22.4.x86_64.rpm 07069062d1e7b140c6774cc2aaa821d5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-server-1.6.2-22.4.x86_64.rpm b07d395220662db193b6f54753931ccc openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-1.5.1-23.14.x86_64.rpm 3f2d8918cf5da2cab839bf2c72af1495 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-32bit-1.5.1-23.14.x86_64.rpm 4348a17ec69b6c64c69e11f74fa88a08 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-apps-clients-1.5.1-23.14.x86_64.rpm 433ffcced3ede0163628854ae3296baf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-apps-servers-1.5.1-23.14.x86_64.rpm c24ab880f1314c1d25f3e9561b204c10 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-client-1.5.1-23.14.x86_64.rpm 6022c2534c50718a2a4fd18fde346daf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-1.5.1-23.14.x86_64.rpm d82a0204e6e0f5e9d6bcd8f60aa4fbde ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-32bit-1.5.1-23.14.x86_64.rpm 17dc2896ebc7f252e39fc8e23a41abc1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-server-1.5.1-23.14.x86_64.rpm 45596c22ec6d0c1eebf42f683e4e0cd4 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-1.4.3-19.30.6.x86_64.rpm 684c7d1363494a7854afd3755bdb2a20 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-32bit-1.4.3-19.30.6.x86_64.rpm b8552a99f0785f1eee434f6d7293731a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-apps-clients-1.4.3-19.30.6.x86_64.rpm 060fac873ba1bc13e4b5b813ae6a6cd2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-apps-servers-1.4.3-19.30.6.x86_64.rpm 28235a5328a8a982e2a1784793a17863 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-client-1.4.3-19.30.6.x86_64.rpm 056f5e479561d2b831e3dd969261f8de ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-devel-1.4.3-19.30.6.x86_64.rpm d81c85af0ca1812c273bbd1c6ddf3cb1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-devel-32bit-1.4.3-19.30.6.x86_64.rpm d17b2d40649a83e28afd6a7a3dec96d6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-server-1.4.3-19.30.6.x86_64.rpm dd8096c153fb51bdd67352cbe8a51953 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/krb5-1.6.2-22.4.src.rpm 6ead1c530f58e6255b1c9ba1b78eb3ae openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/krb5-1.5.1-23.14.src.rpm add4417c6743a6dd26f35182e85ee956 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/krb5-1.4.3-19.30.6.src.rpm 2185d5b60fe733640f16a3a561ec6888 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: Please read our weekly security report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. ===================================================================== SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues Issue date: 2008-06-04 Updated on: 2008-06-04 (initial release of advisory) CVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097 CVE-2008-2100 CVE-2006-1721 CVE-2008-0553 CVE-2007-5378 CVE-2007-4772 CVE-2008-0888 CVE-2008-0062 CVE-2008-0063 CVE-2008-0948 - ------------------------------------------------------------------- 1. Summary: Several critical security vulnerabilities have been addressed in patches in ESX and in the newest releases of VMware's hosted product line. 2. Relevant releases: VMware Workstation 6.0.3 and earlier, VMware Workstation 5.5.6 and earlier, VMware Player 2.0.3 and earlier, VMware Player 1.0.6 and earlier, VMware ACE 2.0.3 and earlier, VMware ACE 1.0.5 and earlier, VMware Server 1.0.5 and earlier, VMware Fusion 1.1.1 and earlier VMware ESXi 3.5 without patches ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG, ESX350-200805501-BG, ESX350-200805504-SG, ESX350-200805506-SG, ESX350-200805505-SG, ESX350-200805507-SG VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216, ESX-1004726, ESX-1004722, ESX-1004724, ESX-1004719, ESX-1004219 VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725, ESX-1004721, ESX-1004723, ESX-1004190, ESX-1004189 VMware ESX 2.5.5 without update patch 8 VMware ESX 2.5.4 without update patch 19 NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x will reach end of general support 2008-11-09. Customers should plan to upgrade to the latest version of their respective products. ESX 3.0.1 is in Extended Support and its end of extended support (Security and Bug fixes) is 2008-07-31. Users should plan to upgrade to at least 3.0.2 update 1 and preferably the newest release available before the end of extended support. ESX 2.5.4 is in Extended Support and its end of extended support (Security and Bug fixes) is 2008-10-08. Users should plan to upgrade to at least 2.5.5 and preferably the newest release available before the end of extended support. 3. Problem description: a. VMware Tools Local Privilege Escalation on Windows-based guest OS The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. It doesn't matter on what host the Windows guest OS is running, as this is a guest driver vulnerability and not a vulnerability on the host. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is regardless if a host supports HGFS. This issue could be mitigated by removing the VMware Tools package from Windows based guests. However this is not recommended as it would impact usability of the product. NOTE: Installing the new hosted release or ESX patches will not remediate the issue. The VMware Tools packages will need to be updated on each Windows-based guest followed by a reboot of the guest system. VMware would like to thank iDefense and Stephen Fewer of Harmony Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= Workstation 6.x Windows not affected Workstation 6.x Linux not affected Workstation 5.x Windows 5.5.6 build 80404 or later Workstation 5.x Linux 5.5.6 build 80404 or later Player 2.x Windows not affected Player 2.x Linux not affected Player 1.x Windows 1.0.6 build 80404 or later Player 1.x Linux 1.0.6 build 80404 or later ACE 2.x Windows not affected ACE 1.x Windows 1.0.5 build 79846 or later Server 1.x Windows 1.0.5 build 80187 or later Server 1.x Linux 1.0.5 build 80187 or later Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX not affected ESX 3.0.2 ESX ESX-1004727 ESX 3.0.1 ESX ESX-1004186 ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later b. Privilege escalation on ESX or Linux based hosted operating systems This update fixes a security issue related to local exploitation of an untrusted library path vulnerability in vmware-authd. In order to exploit this vulnerability, an attacker must have local access and the ability to execute the set-uid vmware-authd binary on an affected system. Exploitation of this flaw might result in arbitrary code execution on the Linux host system by an unprivileged user. VMware would like to thank iDefense for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0967 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= Workstation 6.x Windows not affected Workstation 6.x Linux 6.0.4 build 93057 Workstation 5.x Windows not affected Workstation 5.x Linux 5.5.7 build 91707 Player 2.x Windows not affected Player 2.x Linux 2.0.4 build 93057 Player 1.x Windows not affected Player 1.x Linux 1.0.7 build 91707 ACE 2.x Windows not affected ACE 1.x Windows not affected Server 1.x Windows not affected Server 1.x Linux 1.0.6 build 91891 Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi ESXe350-200805501-I-SG ESX 3.5 ESX ESX350-200805515-SG ESX 3.0.2 ESX ESX-1004821 ESX 3.0.1 ESX ESX-1004728 ESX 2.5.5 ESX ESX 2.5.5 update patch 8 ESX 2.5.4 ESX ESX 2.5.4 update patch 19 c. Openwsman Invalid Content-Length Vulnerability Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). It is installed and running by default. It is used in the VMware Management Service Console and in ESXi. The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable to a privilege escalation vulnerability, which may allow users with non-privileged ESX or Virtual Center accounts to gain root privileges. To exploit this vulnerability, an attacker would need a local ESX account or a VirtualCenter account with the Host.Cim.CimInteraction permission. Systems with no local ESX accounts and no VirtualCenter accounts with the Host.Cim.CimInteraction permission are not vulnerable. This vulnerability cannot be exploited by users without valid login credentials. Discovery: Alexander Sotirov, VMware Security Research The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2097 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi ESXe350-200805501-I-SG ESX 3.5 ESX ESX350-200805508-SG ESX 3.0.2 ESX not affected ESX 3.0.1 ESX not affected ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected NOTE: VMware hosted products are not affected by this issue. d. VMware VIX Application Programming Interface (API) Memory Overflow Vulnerabilities The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. Multiple buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system. The VIX API can be enabled and disabled using the "vix.inGuest.enable" setting in the VMware configuration file. This default value for this setting is "disabled". This configuration setting is present in the following products: VMware Workstation 6.0.2 and higher VMware ACE 6.0.2 and higher VMware Server 1.06 and higher VMware Fusion 1.1.2 and higher ESX Server 3.0 and higher ESX Server 3.5 and higher In previous versions of VMware products where the VIX API was introduced, the VIX API couldn't be disabled. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= VIX API 1.1.x Windows VMware-vix-1.1.4-93057.exe VIX API 1.1.x Linux VMware-vix-1.1.4-93057.i386.tar.gz VIX API 1.1.x Linux64 VMware-vix-1.1.4-93057.x86_64.tar.gz Workstation 6.x Windows 6.0.4 build 93057 Workstation 6.x Linux 6.0.4 build 93057 Workstation 5.x Windows 5.5.7 build 91707 Workstation 5.x Linux 5.5.7 build 91707 Player 2.x Windows 2.0.4 build 93057 Player 2.x Linux 2.0.4 build 93057 Player 1.x Windows 1.0.6 build 91707 Player 1.x Linux 1.0.6 build 91707 ACE 2.x Windows 2.0.4 build 93057 ACE 1.x Windows not affected Server 1.x Windows 1.0.6 build 91891 Server 1.x Linux 1.0.6 build 91891 Fusion 1.x Mac OS/X 1.1.2 build 87978 or later ESXi 3.5 ESXi ESXe350-200805501-I-SG, ESXe350-200805502-T-SG ESX 3.5 ESX ESX350-200805501-BG ESX 3.0.2 ESX ESX-1004216, ESX-1004726, ESX-1004727 ESX 3.0.1 ESX ESX-1004186, ESX-1004725 ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected II Service Console rpm updates NOTE: ESXi and hosted products are not affected by any service console security updates a. Security update for cyrus-sasl Updated cyrus-sasl package for the ESX Service Console corrects a security issue found in the DIGEST-MD5 authentication mechanism of Cyrus' implementation of Simple Authentication and Security Layer (SASL). As a result of this issue in the authentication mechanism, a remote unauthenticated attacker might be able to cause a denial of service error on the service console. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-1721 to this issue. RPMs Updated: cyrus-sasl-2.1.15-15.i386.rpm cyrus-sasl-md5-2.1.15-1.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805504-SG ESX 3.0.2 ESX ESX-1004722 ESX 3.0.1 ESX ESX-1004721 ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected b. Security update for tcltk An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0553 to this issue. A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5378 to this issue. A flaw first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4772 to this issue. RPM Updated: tcl-8.3.5-92.8.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805506-SG ESX 3.0.2 ESX ESX-1004724 ESX 3.0.1 ESX ESX-1004723 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 c. Security update for unzip This patch includes a moderate security update to the service console that fixes a flaw in unzip. An attacker could execute malicious code with a user's privileges if the user ran unzip on a file designed to leverage this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0888 to this issue. RPM Updated: Unzip-5.50-36.EL3.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805505-SG ESX 3.0.2 ESX ESX-1004719 ESX 3.0.1 ESX ESX-1004190 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 d. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0062 to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0948 to this issue. RPM Updated: krb5-libs-1.2.7-68.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805507-SG ESX 3.0.2 ESX ESX-1004219 ESX 3.0.1 ESX ESX-1004189 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 4. Solution: Please review the release notes for your product and version and verify the md5sum of your downloaded file. VMware Workstation 6.0.4 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Windows binary md5sum: f50a05831e94c19d98f363c752fca5f9 RPM Installation file for 32-bit Linux md5sum: e7793b14b995d3b505f093c84e849421 tar Installation file for 32-bit Linux md5sum: a0a8e1d8188f4be03357872a57a767ab RPM Installation file for 64-bit Linux md5sum: 960d753038a268b8f101f4b853c0257e tar Installation file for 64-bit Linux md5sum: 4697ec8a9d6c1152d785f3b77db9d539 VMware Workstation 5.5.7 ------------------------ http://www.vmware.com/download/ws/ws5.html Release notes: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Windows binary: md5sum: 4c6a6653b7296240197aac048591c659 Compressed Tar archive for 32-bit Linux md5sum: 8fc15d72031489cf5cd5d47b966787e6 Linux RPM version for 32-bit Linux md5sum: f0872fe447ac654a583af16b2f4bba3f VMware Player 2.0.4 and 1.0.7 ----------------------------- http://www.vmware.com/download/player/ Release notes Player 1.x: http://www.vmware.com/support/player/doc/releasenotes_player.html Release notes Player 2.0 http://www.vmware.com/support/player2/doc/releasenotes_player2.html 2.0.4 Windows binary md5sum: a117664a8bfa7336b846117e5fc048dd VMware Player 2.0.4 for Linux (.rpm) md5sum: de6ab6364a0966b68eadda2003561cd2 VMware Player 2.0.4 for Linux (.tar) md5sum: 9e1c2bfda6b22a3fc195a86aec11903a VMware Player 2.0.4 - 64-bit (.rpm) md5sum: 997e5ceffe72f9ce9146071144dacafa VMware Player 2.0.4 - 64-bit (.tar) md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef 1.0.7 Windows binary md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c Player 1.0.7 for Linux (.rpm) md5sum: 3b5f97a37df3b984297fa595a5cdba9c Player 1.0.7 for Linux (.tar) md5sum: b755739144944071492a16fa20f86a51 VMware ACE ---------- http://www.vmware.com/download/ace/ Release notes 2.0: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html VMware-workstation-6.0.4-93057.exe md5sum: f50a05831e94c19d98f363c752fca5f9 VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip md5sum: d2ae2246f3d87268cf84c1421d94e86c VMware-ACE-Management-Server-2.0.4-93057.exe md5sum: 41b31b3392d5da2cef77a7bb28654dbf VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm md5sum: 9920be4c33773df53a1728b41af4b109 VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm md5sum: 4ec4c37203db863e8844460b5e80920b Release notes 1.x: http://www.vmware.com/support/ace/doc/releasenotes_ace.html VMware-ACE-1.0.6-89199.exe md5sum: 110f6e24842a0d154d9ec55ef9225f4f VMware Server 1.0.6 ------------------- http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server/doc/releasenotes_server.html VMware Server for Windows 32-bit and 64-bit md5sum: 3e00d5cfae123d875e4298bddabf12f5 VMware Server Windows client package md5sum: 64f3fc1b4520626ae465237d7ec4773e VMware Server for Linux md5sum: 46ea876bfb018edb6602a921f6597245 VMware Server for Linux rpm md5sum: 9d2f0af908aba443ef80bec8f7ef3485 Management Interface md5sum: 1b3daabbbb49a036fe49f53f812ef64b VMware Server Linux client package md5sum: 185e5b174659f366fcb38b1c4ad8d3c6 VMware Fusion 1.1.3 -------------- http://www.vmware.com/download/fusion/ Release notes: http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html md5sum: D15A3DFD3E7B11FC37AC684586086D VMware VIX 1.1.4 ---------------- http://www.vmware.com/support/developer/vix-api/ Release notes: http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html VMware-vix-1.1.4-93057.exe md5sum: 2efb74618c7ead627ecb3b3033e3f9f6 VMware-vix-1.1.4-93057.i386.tar.gz md5sum: 988df2b2bbc975a6fc11f27ad1519832 VMware-vix-1.1.4-93057.x86_64.tar.gz md5sum: a64f951c6fb5b2795a29a5a7607059c0 ESXi ---- VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX) http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip md5sum: 4ce06985d520e94243db1e0504a56d8c http://kb.vmware.com/kb/1005073 http://kb.vmware.com/kb/1004173 http://kb.vmware.com/kb/1004172 NOTE: ESXe350-200805501-O-SG contains the following patch bundles: ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG ESX --- VMware ESX 3.5 patch ESX350-200805515-SG (authd) http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip md5sum: 324b50ade230bcd5079a76e3636163c5 http://kb.vmware.com/kb/1004170 VMware ESX 3.5 patch ESX350-200805508-SG (openwsman) http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12 http://kb.vmware.com/kb/1004644 VMware ESX 3.5 patch ESX350-200805501-BG (VIX) http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip md5sum: 31a620aa249c593c30015b5b6f8c8650 http://kb.vmware.com/kb/1004637 VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl) http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip md5sum: 4c1b1a8dcb09a636b55c64c290f7de51 http://kb.vmware.com/kb/1004640 VMware ESX 3.5 patch ESX350-200805506-SG (tcltk) http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip md5sum: af279eef8fdeddb7808630da1ae717b1 http://kb.vmware.com/kb/1004642 VMware ESX 3.5 patch ESX350-200805505-SG (unzip) http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6 http://kb.vmware.com/kb/1004641 VMware ESX 3.5 patch ESX350-200805507-SG (krb5) http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip md5sum: 5d35a1c470daf13c9f4df5bdc9438748 http://kb.vmware.com/kb/1004643 VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004727.tgz md5sum: 31a67b0fa3449747887945f8d370f19e http://kb.vmware.com/kb/1004727 VMware ESX 3.0.2 patch ESX-1004821 (authd) http://download3.vmware.com/software/vi/ESX-1004821.tgz md5sum: 5c147bedd07245c903d44257522aeba1 http://kb.vmware.com/kb/1004821 VMware ESX 3.0.2 patch ESX-1004216 (VIX) http://download3.vmware.com/software/vi/ESX-1004216.tgz md5sum: 0784ef70420d28a9a5d6113769f6669a http://kb.vmware.com/kb/1004216 VMware ESX 3.0.2 patch ESX-1004726 (VIX) http://download3.vmware.com/software/vi/ESX-1004726.tgz md5sum: 44f03b274867b534cd274ccdf4630b86 http://kb.vmware.com/kb/1004726 VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004722.tgz md5sum: 99dc71aed5bab7711f573b6d322123d6 http://kb.vmware.com/kb/1004722 VMware ESX 3.0.2 patch ESX-1004724 (tcltk) http://download3.vmware.com/software/vi/ESX-1004724.tgz md5sum: fd9a160ca7baa5fc443f2adc8120ecf7 http://kb.vmware.com/kb/1004724 VMware ESX 3.0.2 patch ESX-1004719 (unzip) http://download3.vmware.com/software/vi/ESX-1004719.tgz md5sum: f0c37b9f6be3399536d60f6c6944de82 http://kb.vmware.com/kb/1004719 VMware ESX 3.0.2 patch ESX-1004219 (krb5) http://download3.vmware.com/software/vi/ESX-1004219.tgz md5sum: 7c68279762f407a7a5ee151a650ebfd4 http://kb.vmware.com/kb/1004219 VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004186.tgz md5sum: f64389a8b97718eccefadce1a14d1198 http://kb.vmware.com/kb/1004186 VMware ESX 3.0.1 patch ESX-1004728 (authd) http://download3.vmware.com/software/vi/ESX-1004728.tgz md5sum: 1f01bb819805b855ffa2ec1040eff5ca http://kb.vmware.com/kb/1004728 VMware ESX 3.0.1 patch ESX-1004725 (VIX) http://download3.vmware.com/software/vi/ESX-1004725.tgz md5sum: 9fafb04c6d3f6959e623832f539d2dc8 http://kb.vmware.com/kb/1004725 VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004721.tgz md5sum: 48190819b0f5afddefcb8d209d12b585 http://kb.vmware.com/kb/1004721 VMware ESX 3.0.1 patch ESX-1004723 (tcltk) http://download3.vmware.com/software/vi/ESX-1004723.tgz md5sum: c34ca0a5886e0c0917a93a97c331fd7d http://kb.vmware.com/kb/1004723 VMware ESX 3.0.1 patch ESX-1004190 (unzip) http://download3.vmware.com/software/vi/ESX-1004190.tgz md5sum: 05187b9f534048c79c62741367cc0dd2 http://kb.vmware.com/kb/1004190 VMware ESX 3.0.1 patch ESX-1004189 (krb5) http://download3.vmware.com/software/vi/ESX-1004189.tgz md5sum: 21b620530b99009f469c872e73a439e8 http://kb.vmware.com/kb/1004189 VMware ESX 2.5.5 Upgrade Patch 8 http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e http://vmware.com/support/esx25/doc/esx-255-200805-patch.html VMware ESX 2.5.4 Upgrade Patch 19 http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz md5sum: 442788fd0bccb0d994c75b268bd12760 http://vmware.com/support/esx25/doc/esx-254-200805-patch.html 5. References: CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948 6. Change log: 2008-06-04 VMSA-2008-0009 Initial release - ------------------------------------------------------------------- 7. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce@lists.vmware.com * bugtraq@securityfocus.com * full-disclosure@lists.grok.org.uk E-mail: security@vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIRs08S2KysvBH1xkRCMxFAJ0WJX76quFzCV+avwupq3Lu72UKigCfRftj CZvxoXw/sZxDCSDjVzYAhrA= =s04s -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: MIT Kerberos 5: Multiple vulnerabilities Date: March 24, 2008 Bugs: #199205, #212363 ID: 200803-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilites have been found in MIT Kerberos 5, which could allow a remote unauthenticated user to execute arbitrary code with root privileges. Background ========== MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. * Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947). * Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971). These bugs can only be triggered when Kerberos 4 support is enabled. The RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. Workaround ========== Kerberos 4 support can be disabled via disabling the "krb4" USE flag and recompiling the ebuild, or setting "v4_mode=none" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1" References ========== [ 1 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 3 ] CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 [ 4 ] CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 [ 5 ] CVE-2008-0947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-31.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824440 Version: 1 HPSBOV02682 SSRT100495 rev.1 - HP OpenVMS running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code, unauthorized modification Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running Kerberos. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or execution of arbitrary code, or by a remote unauthorized user to modify data, prompts, or responses. References: CVE-2008-0062, CVE-2008-0947, CVE-2008-0948, CVE-2009-0846, CVE-2009-4212, CVE-2010-1323 SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HP Kerberos for OpenVMS v 3.1 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-0062 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2008-0947 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-0948 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2009-0846 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2009-4212 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-1323 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. Kerberos V3.2 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/kerberos HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
var-202112-2540	vim is vulnerable to Use After Free. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069). See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security updates: * object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) Related bugs: * RHACM 2.2.11 images (Bugzilla #2029508) * ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla #2030859) 3. Bugs fixed (https://bugzilla.redhat.com/): 1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update Advisory ID: RHSA-2022:0444-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0444 Issue date: 2022-02-07 CVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ===================================================================== 1. Summary: A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security Fix(es): * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) * log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image, Follow these steps to pull in the content: 1. On your master hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global "openshift" project. For example: $ oc login -u system:admin 2. Update the core set of Red Hat Single Sign-On resources for OpenShift in the "openshift" project by running the following commands: $ for resource in sso74-image-stream.json \ sso74-https.json \ sso74-mysql.json \ sso74-mysql-persistent.json \ sso74-postgresql.json \ sso74-postgresql-persistent.json \ sso74-x509-https.json \ sso74-x509-mysql-persistent.json \ sso74-x509-postgresql-persistent.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource} done 3. Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the "openshift" project by running the following commands: $ oc -n openshift import-image redhat-sso74-openshift:1.0 4. Bugs fixed (https://bugzilla.redhat.com/): 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer 5. JIRA issues fixed (https://issues.jboss.org/): CIAM-2060 - [log4j 1.x] RH-SSO 7.4.10 OCP images for x86 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. This update provides security fixes, fixes bugs, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * containerd: Unprivileged pod may bind mount any privileged regular file on disk (CVE-2021-43816) * minio-go: user privilege escalation in AddUser() admin API (CVE-2021-43858) * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * fastify-static: open redirect via an URL with double slash followed by a domain (CVE-2021-22963) * moby: `docker cp` allows unexpected chmod of host file (CVE-2021-41089) * moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal (CVE-2021-41091) * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * node-fetch: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0235) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) Bug fixes: * Trying to create a new cluster on vSphere and no feedback, stuck in "creating" (Bugzilla #1937078) * The hyperlink of ks cluster node cannot be opened when I want to check the node (Bugzilla #2028100) Unable to make SSH connection to a Bitbucket server (Bugzilla #2028196) * RHACM cannot deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) (Bugzilla #2028931) * RHACM 2.4.2 images (Bugzilla #2029506) * Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 (Bugzilla #2030005) * Namespace left orphaned after destroying the cluster (Bugzilla #2030379) * The results filtered through the filter contain some data that should not be present in cluster page (Bugzilla #2034198) * Git over ssh doesn't use custom port set in url (Bugzilla #2036057) * The value of name label changed from clusterclaim name to cluster name (Bugzilla #2042223) * ACM configuration policies do not handle Limitrange or Quotas values (Bugzilla #2042545) * Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 (Bugzilla #2050847) * The azure government regions were not list in the region drop down list when creating the cluster (Bugzilla #2051797) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 2001668 - [DDF] normally, in the OCP web console, one sees a yaml of the secret, where at the bottom, the following is shown: 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2008592 - CVE-2021-41089 moby: `docker cp` allows unexpected chmod of host file 2012909 - [DDF] We feel it would be beneficial to add a sub-section here referencing the reconcile options available to users when 2015152 - CVE-2021-22963 fastify-static: open redirect via an URL with double slash followed by a domain 2023448 - CVE-2021-41091 moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2028100 - The hyperlink of ks cluster node can not be opened when I want to check the node 2028196 - Unable to make SSH connection to a Bitbucket server 2028931 - RHACM can not deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) 2029506 - RHACM 2.4.2 images 2030005 - Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 2030379 - Namespace left orphaned after destroying the cluster 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032957 - Missing AWX templates in ACM 2034198 - The results filtered through the filter contain some data that should not be present in cluster page 2036057 - git over ssh doesn't use custom port set in url 2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API 2039378 - Deploying CRD via Application does not update status in ACM console 2041015 - The base domain did not updated when switch the provider credentials during create the cluster/cluster pool 2042545 - ACM configuration policies do not handle Limitrange or Quotas values 2043519 - "apps.open-cluster-management.io/git-branch" annotation should be mandatory 2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050847 - Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 2051797 - the azure government regions were not list in the region drop down list when create the cluster 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 5. Description: OpenShift Logging bug fix and security update (5.3.5) Security Fix(es): jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 2052539 - CVE-2022-0552 origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2182 - Logging link is not removed when CLO is uninstalled or its instance is removed 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Background ========= Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060 Description ========== Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060" All vim-core users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060" References ========= [ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-32 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192) It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351) It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359) It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554) It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629) It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685) It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714) It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729) It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7 Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14 Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13 Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6026-1 CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207 Package Information: https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina Security Update 2022-005 Catalina addresses the following issues. APFS Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Calendar Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security Calendar Available for: macOS Catalina Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones CoreText Available for: macOS Catalina Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) FaceTime Available for: macOS Catalina Impact: An app with root privileges may be able to access private information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing File System Events Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant ICU Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Catalina Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Kernel Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32815: Xinru Chi of Pangu Lab CVE-2022-32813: Xinru Chi of Pangu Lab libxml2 Available for: macOS Catalina Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Catalina Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Catalina Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Catalina Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Catalina Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Catalina Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks. CVE-2022-26704: Joshua Mason of Mandiant TCC Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Vim Available for: macOS Catalina Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 Wi-Fi Available for: macOS Catalina Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Security Update 2022-005 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p rhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32 qA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC zB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1 PlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA 6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW g00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J 96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj 8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN NGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F lD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK 8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao= =fcrb -----END PGP SIGNATURE-----
var-200907-0748	Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. The product provides cross-platform support for SSL, S/MIME and other Internet security standards. If a malicious user requests a certificate from a hostname with an invalid null character, most CAs will issue a certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name, Using a null character before the portion of validation allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid (CVE-2011-3365). Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-810-1 August 04, 2009 nss vulnerabilities CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnss3-1d 3.12.3.1-0ubuntu0.8.04.1 Ubuntu 8.10: libnss3-1d 3.12.3.1-0ubuntu0.8.10.1 Ubuntu 9.04: libnss3-1d 3.12.3.1-0ubuntu0.9.04.1 After a standard system upgrade you need to restart an applications that use NSS, such as Firefox, to effect the necessary changes. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz Size/MD5: 37286 f4041d128d758f5506197b1cf0f1214f http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc Size/MD5: 2012 401475ce9f7efa228d7b61671aa69c11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 18232 49a5581a19be7771ecdc65fb943e86d7 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3166090 074734f6e0fd51257999bdc0e38010f3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 257780 f6d735c7c95478fe2992178e0d7781d4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 312528 05d78cad52b8c5464350c9b191528e0e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 18200 2c088a165372b431416a5b6d9f54b80b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 3012554 50978f6f10b9f4c3918822d864d41aed http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 254880 c2151ff8a86f4119fcefa1f6c9ee7add http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 295096 f6fde2292ca35df9e6cac822d158e512 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 18190 cbc624cedbae82a39d3c47aaa8ffee38 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3041822 533fda14ea785417cababc58419a8fec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1016224 1ed477ec2ffe3ac642cb7c29413842ab http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 253574 b9756509dcdeea8433a0f6bbe2dc27b7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 292466 55f2cf8c33f19f17cae613aca3ce71c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 20678 a26907dda711e1d13e8d597bee4689e0 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3125800 102117180150342cecff38e653963f66 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1143852 f96cab41f4bf24cf4fa4686b3a963464 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 256600 e19a891112bea8df4f27fe569da9c951 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 324934 9aaac74bc3f6ec7f990f78d556c5ec09 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 18292 7e17d87ea08f93759ed7784705d82453 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 2834720 02b6284e651dcf2e6556378dcb730689 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 1019944 ee1829f9195609b3912994fc76788243 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 251578 09583a51b0814b53959af6d79a1b4f8c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 299484 0d12ed86aae10c56300bd7cefb2884ef Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz Size/MD5: 32769 d4e1fb5ca38687ad1e7532c457febc11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc Size/MD5: 2012 f98ccd513ae480ac7b56d7a4793758d3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3310610 9f8e4b95d1019e3956a88745ce3888c4 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 1195070 21daa67a1f51cc4a942e41beb2da001f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 257586 89d972c2b67679eca265abac76d0687d http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 18296 8c1d95902c4f0e85c47a3ca941f0b48a http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 317026 11f10cc940951638cf5cac0e6e2f7ded i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 1076898 59318f3e92b12686695704ef33074dc0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 254686 b0dc3ec378ea87afff4a6d46fafca34f http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 18248 7a86d451f0cc722f66ca51f9894c81e2 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 300214 88f4442427f4ad5b1e507f24a872d7d5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3173686 65714f22fc4908727cd58fa917cff249 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 1050748 c55a36fa65b311364ddfc5f9bcacc3e9 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 253226 0b49775e55163a5c6fa22fba288eded7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 18220 8fd881d7744299014a919437d9edaf87 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 296154 fce2927b08d43ba6d2188bf927dfb4d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3284430 e411ebc5e3848a9a28fdb7bcf55af833 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 1165792 f6a9ba644f3fb0cd888bf4b425522633 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 256434 19a95ab61e462058ecaf05cbebd11c8a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 20666 abe014ba1940180af1051006e4d293fd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 320710 0f3c730279a7e731e72986d15fa2fcc2 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 2942578 3d396922de5283db749fd41036403ead http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 1038356 9d291947a8ef7d02c8c1a9746c1309d4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 251226 c09de8036a434e93488b5c1b77108246 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 18380 0d18623f50973af22fd4e44e0d042bf4 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 301438 430f4a9aef7a540fac80629656572ea9 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz Size/MD5: 35980 b64ec10add3d7fbbc7335b0f85b9fb00 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc Size/MD5: 2012 a889688996d5530e8bf1eb181683137e http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3309788 d48afcfa4139fe94b4c0af67c8d9c850 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1196740 7ace44202680241529edaeb226d0dec1 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 258240 54d581c61ba7608526790263545e1b1c http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17404 bfbb39c275bb15dcef644991c6af7e7b http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 317668 9d55ed9607359667cf963e04ccb834d5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 3137602 af5d5d420c440bf53de79f8952ee17d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 1078336 706162a5436e733e4ce57d51baf163fb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 255338 140b54235689f93baa3971add5401a42 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 17412 fb6ca266988f45378c41455fa5207a85 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 300808 7b06b74c327641634d4f8f1f61b7d432 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3171676 ad44dc80ef0066d3da2edede234b0210 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1052136 727ab68dd03bec2ae01b4611c5f98309 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 253840 15198ca066b229b42ced8cb5f4307a53 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17408 fdf85ab9c62a3d3999d4f49bf0172243 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3282216 5399927c4f40c9369fcb58d3038cc3ec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1167866 477cd3a3cb2ec7c5cf791208e096de93 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 257080 85844f856588609fba74ec37044f9c35 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17410 98059af1adbd24026a4dab4faa27ddd1 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 321372 b7afef4b3c7dc27dceb12668458629d8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2942004 2e8c7c62ef1119b9326564fe50389b8d http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1039416 ad6d7c7f3a2301c7e46a1102098fdbaf http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 251874 4a70da68d8ae2e444b7aaf6836d50eba http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17410 9921067423eeb95bea428bf9f471559c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 301814 302527f9bbcb164d12b13d25719a9ab9 . CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure. The old stable distribution (etch) doesn't contain nss. For the stable distribution (lenny), these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution (sid), these problems have been fixed in version 3.12.3.1-1. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.dsc Size/MD5 checksum: 1401 1dbc1107598064214fa689733495c56c http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5 checksum: 5320607 750839c9c018a0984fd94f7a9cc3dd7f http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.diff.gz Size/MD5 checksum: 52489 96f62370296f7d18a9748429ac99525f alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_alpha.deb Size/MD5 checksum: 3048842 6b764e28ae56542572a4275e50c4d303 http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_alpha.deb Size/MD5 checksum: 267250 b00f4c63a8d27a54fb562029411daf0e http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_alpha.deb Size/MD5 checksum: 1204106 c8ba098d6cc0af39ab93cd728ca7bb19 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_alpha.deb Size/MD5 checksum: 342544 2191bbcd5708f719392c8489bde7a0c6 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_amd64.deb Size/MD5 checksum: 256944 7a31770b748ff56ba45ac55044960b6d http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_amd64.deb Size/MD5 checksum: 1069628 eea22c2ccef5375689fe581de8152a61 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_amd64.deb Size/MD5 checksum: 321374 1b86ac1f27fee3287f1418973595a4e9 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_amd64.deb Size/MD5 checksum: 3099080 f4112f9f06d87e6139097a27e1419664 arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_arm.deb Size/MD5 checksum: 2900162 21604ffa61b7f5049f0f919030fec0f0 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_arm.deb Size/MD5 checksum: 1011344 78bc0d853274ca2fc9f36752ed9f9c51 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_arm.deb Size/MD5 checksum: 308766 e7547e80f6726b91611f9b92d83aa6b3 http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_arm.deb Size/MD5 checksum: 254374 ead00e7f25c47cc4b8b1ed99801c4ab9 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_armel.deb Size/MD5 checksum: 257820 a17086cca6fdaf26e5a6b3fb84ae476d http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_armel.deb Size/MD5 checksum: 308198 f24e01f4b2396193a314a965555374e8 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_armel.deb Size/MD5 checksum: 1017054 d1086599e6a1904548804d538f90c810 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_armel.deb Size/MD5 checksum: 2923084 b5e1d56b749941124c8b91f063d44c19 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_hppa.deb Size/MD5 checksum: 263122 b611c51dae677b42befac5f2e638d941 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_hppa.deb Size/MD5 checksum: 347148 c725c156c6cd17d09421e066548c673d http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_hppa.deb Size/MD5 checksum: 1169014 d5858e4c11ca0b88f59c24af1a251eea http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_hppa.deb Size/MD5 checksum: 2948790 92a46a3cd9b2db3c7f0d07d817a03ba4 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_i386.deb Size/MD5 checksum: 957706 21a666157a0a208d8405df062b3276d2 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_i386.deb Size/MD5 checksum: 304016 9771905fcb4acd6855158c8645722762 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_i386.deb Size/MD5 checksum: 2913468 89b7116120a075a7795615d062bd7450 http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_i386.deb Size/MD5 checksum: 254478 7747ea82c2d9e93c6a610d60094fb316 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_ia64.deb Size/MD5 checksum: 267008 94a0fe98c183a728df7e64826f8b2c46 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_ia64.deb Size/MD5 checksum: 410780 a834a4f57ddc003570c6eaaafbc87032 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_ia64.deb Size/MD5 checksum: 2797788 1a1f375f7713f69acdf01e77f779b28b http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_ia64.deb Size/MD5 checksum: 1489492 a468da7ac4219e564793d06978a6be07 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mips.deb Size/MD5 checksum: 257808 fc1a4db95e71876cf0ffbe0b49327148 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mips.deb Size/MD5 checksum: 3049346 fc35475e7157e1859c154556ecb648b3 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mips.deb Size/MD5 checksum: 318740 fbafbce5a6d9498d8cd1fe1d8f1eaebc http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mips.deb Size/MD5 checksum: 1038702 0723e7d8621b7d65517cc3945a9790be mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mipsel.deb Size/MD5 checksum: 1028286 81e4bcd025b2ee3996de08b9fdb0b23a http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mipsel.deb Size/MD5 checksum: 317082 8b16e198a97ffb60df698767fef8cc35 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mipsel.deb Size/MD5 checksum: 2999704 d1f9bf1211ec7aa9458dcdd673a4a709 http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mipsel.deb Size/MD5 checksum: 257740 82ed6773d6e942a70f1274e4a241bdd9 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_powerpc.deb Size/MD5 checksum: 255174 6abcf8f6d427c29f704ca156dc201113 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_powerpc.deb Size/MD5 checksum: 1029684 997fec6bb01c10e9e3c6aa15f0f78386 http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_powerpc.deb Size/MD5 checksum: 334590 1c8056037d5bccdad7977b49d3910065 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_powerpc.deb Size/MD5 checksum: 2946754 1739d7e55a79d8e85dc5e668180846ae s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_s390.deb Size/MD5 checksum: 1178522 0e72b044e78bca218a8d55c20c16e8d5 http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_s390.deb Size/MD5 checksum: 3020690 7115f25dbf7c31c55e768d48a29c8b46 http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_s390.deb Size/MD5 checksum: 258572 f8bf00777c295c76b0071a1354b011fa http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_s390.deb Size/MD5 checksum: 346234 accf6855c0b8ea6d087bf062b2ac1d7b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_sparc.deb Size/MD5 checksum: 317482 f2f321d58890c1edb386ebc224ac052e http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_sparc.deb Size/MD5 checksum: 996192 cf17776aa8674a8c7e71527b6534b0e2 http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_sparc.deb Size/MD5 checksum: 257464 2452b9eef9a3c0b786d4dc4afc2d16ae http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_sparc.deb Size/MD5 checksum: 2712012 910e98017dabb5adcc109f05f94b1a56 These files will probably be moved into the stable distribution on its next update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2010-0001 Synopsis: ESX Service Console updates for nss and nspr Issue date: 2010-01-06 Updated on: 2010-01-06 (initial release of advisory) CVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 - ----------------------------------------------------------------------- 1. Summary Update for Service Console packages nss and nspr 2. Relevant releases VMware ESX 4.0 without patch ESX400-200912403-SG 3. Problem Description a. Update for Service Console packages nss and nspr Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200912403-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- ESX400-200912403-SG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip md5sum: 78c6cf139b7941dc736c9d3a41deae77 sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59 http://kb.vmware.com/kb/1016293 To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG update 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382 - ------------------------------------------------------------------------ 6. Change log 2010-01-06 VMSA-2010-0001 Initial security advisory after release of patch ESX400-200912403-SG for ESX 4.0 on 2010-01-06. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFLRYwLS2KysvBH1xkRArmBAJoDcO5waCyCE+lfmEwuILVjcqeLngCcCzNo HgNlBjOx5iQw7etlwwpbyuo= =bIJJ -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Network Security Services Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36093 VERIFY ADVISORY: http://secunia.com/advisories/36093/ DESCRIPTION: Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system. 1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate. Successful exploitation may allow execution of arbitrary code. 2) An error exists in the parsing of certain certificate fields, which can be exploited to e.g. get a client to accept a specially crafted certificate by mistake. SOLUTION: Update to version 3.12.3 or later. PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Moxie Marlinspike 2) Dan Kaminsky ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=512912 https://bugzilla.redhat.com/show_bug.cgi?id=510251 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This update fixes these vulnerability. IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions (CVE-2009-2408). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.13 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a6822ef829b5dc2a49155770fc10cc20 2009.0/i586/beagle-0.3.8-13.14mdv2009.0.i586.rpm 2db822d3c7e73ac60ad781499e6ec251 2009.0/i586/beagle-crawl-system-0.3.8-13.14mdv2009.0.i586.rpm b0441b626197cb5d6e3444a3d482e79a 2009.0/i586/beagle-doc-0.3.8-13.14mdv2009.0.i586.rpm 5672bbd66911b997af8c84dbf7751bb5 2009.0/i586/beagle-epiphany-0.3.8-13.14mdv2009.0.i586.rpm e45dce0afc5f79b3744923edbb45d527 2009.0/i586/beagle-evolution-0.3.8-13.14mdv2009.0.i586.rpm 15b7970e50d9f5c47ddbf6e21f2bd782 2009.0/i586/beagle-gui-0.3.8-13.14mdv2009.0.i586.rpm a23bca93271243b989ea7afa3e898aca 2009.0/i586/beagle-gui-qt-0.3.8-13.14mdv2009.0.i586.rpm 9be046a4ddc0162ba1511715e08802ff 2009.0/i586/beagle-libs-0.3.8-13.14mdv2009.0.i586.rpm 2d60bf05386502d9fbb550f0bac1331b 2009.0/i586/devhelp-0.21-3.9mdv2009.0.i586.rpm 6bb27bb53d3bda021ceed7710d195338 2009.0/i586/devhelp-plugins-0.21-3.9mdv2009.0.i586.rpm 96e1d0f9d5c46a61a69c8a160285c92f 2009.0/i586/epiphany-2.24.0.1-3.11mdv2009.0.i586.rpm 36a0963341309cf3d0decf116c1a2668 2009.0/i586/epiphany-devel-2.24.0.1-3.11mdv2009.0.i586.rpm fef5d1610ade943011b36a0482e9043d 2009.0/i586/firefox-3.0.13-0.1mdv2009.0.i586.rpm 374b38801f273b8714be2782ac2e37c1 2009.0/i586/firefox-af-3.0.13-0.1mdv2009.0.i586.rpm f981898248d140a9b91619a690055c6f 2009.0/i586/firefox-ar-3.0.13-0.1mdv2009.0.i586.rpm cf01b3a96527899aad4f323c042c3ade 2009.0/i586/firefox-be-3.0.13-0.1mdv2009.0.i586.rpm 6fa86a03cb638ff49a28ac1073917df1 2009.0/i586/firefox-bg-3.0.13-0.1mdv2009.0.i586.rpm 089fda6b705c8a9abd994c819058f1c8 2009.0/i586/firefox-bn-3.0.13-0.1mdv2009.0.i586.rpm 8543e4eae4ce95e6eb32813bc1bc01fc 2009.0/i586/firefox-ca-3.0.13-0.1mdv2009.0.i586.rpm 4722b78b978a9f82de71d56fa0274ad4 2009.0/i586/firefox-cs-3.0.13-0.1mdv2009.0.i586.rpm 595d817763c4901c47b0ef479bd01bcc 2009.0/i586/firefox-cy-3.0.13-0.1mdv2009.0.i586.rpm 9bc25a5210fe99d2ba4d4b85e9018213 2009.0/i586/firefox-da-3.0.13-0.1mdv2009.0.i586.rpm e6fc11edfe7b86f04455b3dc7e4bd65e 2009.0/i586/firefox-de-3.0.13-0.1mdv2009.0.i586.rpm 9afa4c1062e91163756ef5109ff51187 2009.0/i586/firefox-el-3.0.13-0.1mdv2009.0.i586.rpm f75831ec921046c0dca1e13e34780c83 2009.0/i586/firefox-en_GB-3.0.13-0.1mdv2009.0.i586.rpm c58608f0789bdef53d1e89395fedf49f 2009.0/i586/firefox-eo-3.0.13-0.1mdv2009.0.i586.rpm 214574c3c5d82fe477ba0f50f63fd9fa 2009.0/i586/firefox-es_AR-3.0.13-0.1mdv2009.0.i586.rpm 658464fc37af0c06fffa759d037baceb 2009.0/i586/firefox-es_ES-3.0.13-0.1mdv2009.0.i586.rpm c5e764ad2738116d30343c0b38a962fa 2009.0/i586/firefox-et-3.0.13-0.1mdv2009.0.i586.rpm 8fb89898a68072bf7265c69d43410493 2009.0/i586/firefox-eu-3.0.13-0.1mdv2009.0.i586.rpm 3f361372c29fe95009dbd1078db64f65 2009.0/i586/firefox-ext-beagle-0.3.8-13.14mdv2009.0.i586.rpm 91464a6f25b8ea8c0d48de5cb0416740 2009.0/i586/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.i586.rpm 9bc38cbec9d19bf568e6e9a89830a28f 2009.0/i586/firefox-fi-3.0.13-0.1mdv2009.0.i586.rpm 6dd78364bea9831ef0b3aa14f2d0118c 2009.0/i586/firefox-fr-3.0.13-0.1mdv2009.0.i586.rpm 180d5bfe08d234f02b1de34ca5654958 2009.0/i586/firefox-fy-3.0.13-0.1mdv2009.0.i586.rpm e4c18944adb12682655a90ee2faad97b 2009.0/i586/firefox-ga_IE-3.0.13-0.1mdv2009.0.i586.rpm 90b228a4010794165de329652ebbee25 2009.0/i586/firefox-gl-3.0.13-0.1mdv2009.0.i586.rpm f0586fdecb33249427065357a6e92d60 2009.0/i586/firefox-gu_IN-3.0.13-0.1mdv2009.0.i586.rpm 7bfc4a6196e2969a1cbae8d0f17f6ad1 2009.0/i586/firefox-he-3.0.13-0.1mdv2009.0.i586.rpm cca307fc57f277189b4d2bd8d7368abb 2009.0/i586/firefox-hi-3.0.13-0.1mdv2009.0.i586.rpm 052636e93f9576602a6d8876d19d8fc4 2009.0/i586/firefox-hu-3.0.13-0.1mdv2009.0.i586.rpm 899eeeca6c5305ce42fac890ae25acf4 2009.0/i586/firefox-id-3.0.13-0.1mdv2009.0.i586.rpm 876435ef3c302f94c8ce1cab6ec54e3e 2009.0/i586/firefox-is-3.0.13-0.1mdv2009.0.i586.rpm 9a663ac414779e841fa9e0b0de849e33 2009.0/i586/firefox-it-3.0.13-0.1mdv2009.0.i586.rpm 408453053f2dd0d238af016cb4e77237 2009.0/i586/firefox-ja-3.0.13-0.1mdv2009.0.i586.rpm cb0ab9447c1a5c439d1ede480c0f7835 2009.0/i586/firefox-ka-3.0.13-0.1mdv2009.0.i586.rpm 8fc83bc333676e38e3efd9b609fd674b 2009.0/i586/firefox-kn-3.0.13-0.1mdv2009.0.i586.rpm 612bb5fb598e61fb5802ff85708e6a5a 2009.0/i586/firefox-ko-3.0.13-0.1mdv2009.0.i586.rpm ac2312f1d74c268a72a4b4d3a4219ef1 2009.0/i586/firefox-ku-3.0.13-0.1mdv2009.0.i586.rpm 154dbc2ba6e46f5aa3ef99b66ec36a51 2009.0/i586/firefox-lt-3.0.13-0.1mdv2009.0.i586.rpm ecd25bc2d1e9cde62e0be85071c64529 2009.0/i586/firefox-lv-3.0.13-0.1mdv2009.0.i586.rpm 15f3d5c9a3a73a982c0c6351bb110271 2009.0/i586/firefox-mk-3.0.13-0.1mdv2009.0.i586.rpm 2b558113cd766e13056b99c48201f89b 2009.0/i586/firefox-mn-3.0.13-0.1mdv2009.0.i586.rpm 79f2fa3996f7b4f1779c6fa8f1a4543c 2009.0/i586/firefox-mr-3.0.13-0.1mdv2009.0.i586.rpm 8e73487dad85ffa6be02c17cc828beaa 2009.0/i586/firefox-nb_NO-3.0.13-0.1mdv2009.0.i586.rpm 366f85aa9ea20fcec1fef63b5a1f1df1 2009.0/i586/firefox-nl-3.0.13-0.1mdv2009.0.i586.rpm 43dca1cbb4ab3691cabf5cd74ffaf2b3 2009.0/i586/firefox-nn_NO-3.0.13-0.1mdv2009.0.i586.rpm 213f3e46bcfec9f7765569f4d004364a 2009.0/i586/firefox-oc-3.0.13-0.1mdv2009.0.i586.rpm d619b6e5f78f7f4bb0c60d19ceb7e876 2009.0/i586/firefox-pa_IN-3.0.13-0.1mdv2009.0.i586.rpm faf4b1e079c68e5697292fbdba30ebf1 2009.0/i586/firefox-pl-3.0.13-0.1mdv2009.0.i586.rpm 7d15b1990732f451bcfac1c1a7b77978 2009.0/i586/firefox-pt_BR-3.0.13-0.1mdv2009.0.i586.rpm c8b133b74d0eb2d3dec671a0c1f6bc86 2009.0/i586/firefox-pt_PT-3.0.13-0.1mdv2009.0.i586.rpm 4ece2c2e4e9fc0b25c8fb3287ec0b9af 2009.0/i586/firefox-ro-3.0.13-0.1mdv2009.0.i586.rpm f5ecba21ec0b359c057f378583b4279f 2009.0/i586/firefox-ru-3.0.13-0.1mdv2009.0.i586.rpm 4e64f4151cbcae1f498538d193cece9a 2009.0/i586/firefox-si-3.0.13-0.1mdv2009.0.i586.rpm 7989e3ec7fe2878ce4c334562aff9767 2009.0/i586/firefox-sk-3.0.13-0.1mdv2009.0.i586.rpm 7a117b88ad2206d9eda81ca884cbb385 2009.0/i586/firefox-sl-3.0.13-0.1mdv2009.0.i586.rpm 2d4d85a8e07af571c9c7e331de3be317 2009.0/i586/firefox-sq-3.0.13-0.1mdv2009.0.i586.rpm afc3cae145b8a5bce558aacbc0fdbfd1 2009.0/i586/firefox-sr-3.0.13-0.1mdv2009.0.i586.rpm a41f83c5f17482e24d113d7bee667984 2009.0/i586/firefox-sv_SE-3.0.13-0.1mdv2009.0.i586.rpm dc28d7e7746f1e95a25cb1e450c9619b 2009.0/i586/firefox-te-3.0.13-0.1mdv2009.0.i586.rpm f84f2d826d15843192a0f4b98e064547 2009.0/i586/firefox-th-3.0.13-0.1mdv2009.0.i586.rpm 1142168ff446e1a5f89be897815678b4 2009.0/i586/firefox-theme-kde4ff-0.14-4.9mdv2009.0.i586.rpm 0f8593cacdb0c3ee674c95ffcbc330fe 2009.0/i586/firefox-tr-3.0.13-0.1mdv2009.0.i586.rpm 69b5d73b3809140ab15c884cd75fc98f 2009.0/i586/firefox-uk-3.0.13-0.1mdv2009.0.i586.rpm e334049f5692cabfaedbe2c194b51202 2009.0/i586/firefox-zh_CN-3.0.13-0.1mdv2009.0.i586.rpm 2958cb63c8593fd8b8f1f68c8dde0905 2009.0/i586/firefox-zh_TW-3.0.13-0.1mdv2009.0.i586.rpm 7cda89f8cc627a59b61b976717be30d6 2009.0/i586/gnome-python-extras-2.19.1-20.9mdv2009.0.i586.rpm 576557a3a514f71933cb8a9c707ceb30 2009.0/i586/gnome-python-gda-2.19.1-20.9mdv2009.0.i586.rpm 976a8cff0d00126d7e4a807a8f879a54 2009.0/i586/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.i586.rpm 3d2424b8c8cab0668d691ebd947dd605 2009.0/i586/gnome-python-gdl-2.19.1-20.9mdv2009.0.i586.rpm 2e71485c4eca0038d61f4508926f7fa4 2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.i586.rpm 5c1f92354d07da9682210eeb87825eb5 2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.i586.rpm f04444a67896b048d7a84ed20357feed 2009.0/i586/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.i586.rpm 016f5cc2ec1a06598277a5b6be5efa2c 2009.0/i586/libdevhelp-1_0-0.21-3.9mdv2009.0.i586.rpm 1142e65abf94dac2b1b318bcea82bf5c 2009.0/i586/libdevhelp-1-devel-0.21-3.9mdv2009.0.i586.rpm 67d3d4ac04921885af224a9c70e87ae8 2009.0/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.0.i586.rpm af1331867d259d913a07f862a4079ee2 2009.0/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0bd0a103a85b8e8d4eaaac6dc5397867 2009.0/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0ec2c94351bc2f0c510721f09ea461b7 2009.0/i586/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.i586.rpm 37647fc015fa5559d6c77bb9e7321bfb 2009.0/i586/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.i586.rpm 2a89f46e141a1bc4218ce5f2dde00c1e 2009.0/i586/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.i586.rpm 914bcd8fb4c05239c2bdd162232a6ba3 2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.i586.rpm 88e16f7cb5be2fc9fa83902ecafa19a6 2009.0/i586/xulrunner-1.9.0.13-0.1mdv2009.0.i586.rpm 4356ef867793688f2fde896a9d542057 2009.0/i586/yelp-2.24.0-3.9mdv2009.0.i586.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: fd2a9ff60f4e68f4a481a5fe4a98c73a 2009.0/x86_64/beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 9b1d89b08f16e56768fd9542079f350d 2009.0/x86_64/beagle-crawl-system-0.3.8-13.14mdv2009.0.x86_64.rpm 6373aacafa1057af4684db790962e7ae 2009.0/x86_64/beagle-doc-0.3.8-13.14mdv2009.0.x86_64.rpm 4192fedb81ce69831e74fe6d3d93959f 2009.0/x86_64/beagle-epiphany-0.3.8-13.14mdv2009.0.x86_64.rpm 24e885319c5d9dfc9184d087dffc3f99 2009.0/x86_64/beagle-evolution-0.3.8-13.14mdv2009.0.x86_64.rpm 852adea7f93e3199a0f0c8843e7c55a8 2009.0/x86_64/beagle-gui-0.3.8-13.14mdv2009.0.x86_64.rpm fc485f7767ad85e2c026c404075d9229 2009.0/x86_64/beagle-gui-qt-0.3.8-13.14mdv2009.0.x86_64.rpm 07bb1b9c24c9f88ff8437d2c1b75878b 2009.0/x86_64/beagle-libs-0.3.8-13.14mdv2009.0.x86_64.rpm 092f8d36c077ff5d697d217156aca03a 2009.0/x86_64/devhelp-0.21-3.9mdv2009.0.x86_64.rpm a5101c919b946b770d14a049d788e8d9 2009.0/x86_64/devhelp-plugins-0.21-3.9mdv2009.0.x86_64.rpm 3d37811d58eabd343432f0bd79da93f9 2009.0/x86_64/epiphany-2.24.0.1-3.11mdv2009.0.x86_64.rpm 8bf41b3ccff1bbf6b517ddb43c65f3d4 2009.0/x86_64/epiphany-devel-2.24.0.1-3.11mdv2009.0.x86_64.rpm 90b2602358cda40b9b77ecf43d8a5813 2009.0/x86_64/firefox-3.0.13-0.1mdv2009.0.x86_64.rpm c802e7ce61f1c6db1861e1ad8625db58 2009.0/x86_64/firefox-af-3.0.13-0.1mdv2009.0.x86_64.rpm 26efc3eb99d920565bbecc31c5b29d2c 2009.0/x86_64/firefox-ar-3.0.13-0.1mdv2009.0.x86_64.rpm 5da83501fc42740dfca0a6b362e8e332 2009.0/x86_64/firefox-be-3.0.13-0.1mdv2009.0.x86_64.rpm 51267ac84ea3a0745f0229d4c379e591 2009.0/x86_64/firefox-bg-3.0.13-0.1mdv2009.0.x86_64.rpm 6ddce5aa96b508a7241526e00e78e393 2009.0/x86_64/firefox-bn-3.0.13-0.1mdv2009.0.x86_64.rpm 10c1b53854b08c634e853b8fc4fbbe74 2009.0/x86_64/firefox-ca-3.0.13-0.1mdv2009.0.x86_64.rpm 6f12ccc92981d70dbedeb8f99ac552e1 2009.0/x86_64/firefox-cs-3.0.13-0.1mdv2009.0.x86_64.rpm a0a79dd3c0984ee03834e06e44c6b632 2009.0/x86_64/firefox-cy-3.0.13-0.1mdv2009.0.x86_64.rpm 4fafa1c0616047cd355e9ce4621b964b 2009.0/x86_64/firefox-da-3.0.13-0.1mdv2009.0.x86_64.rpm 8b89533b107bcac1454e636d4bfdbb01 2009.0/x86_64/firefox-de-3.0.13-0.1mdv2009.0.x86_64.rpm 60ed34b007aef6983f7567df8e5aa360 2009.0/x86_64/firefox-el-3.0.13-0.1mdv2009.0.x86_64.rpm ae965aac1eaaecd6642a5926c221bcde 2009.0/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.0.x86_64.rpm 6df13fe269bc57cc42c94da2401def6d 2009.0/x86_64/firefox-eo-3.0.13-0.1mdv2009.0.x86_64.rpm 9d39eed36e33728f5a4d1cd629fcdc22 2009.0/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.0.x86_64.rpm f1f19bb222e2d5b2343535eab2beb94e 2009.0/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.0.x86_64.rpm 68eef6bc4021590584cb6fb1e137b1bd 2009.0/x86_64/firefox-et-3.0.13-0.1mdv2009.0.x86_64.rpm 54bc429f2eb350b2c94b4ecc776bfb8f 2009.0/x86_64/firefox-eu-3.0.13-0.1mdv2009.0.x86_64.rpm a4477742a5a74668cc72c9eda39ababa 2009.0/x86_64/firefox-ext-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 6fdda4fcd02eff82a5fedbc0e7db4a89 2009.0/x86_64/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.x86_64.rpm 9138b808592bcf06e9cd6f0a58676c24 2009.0/x86_64/firefox-fi-3.0.13-0.1mdv2009.0.x86_64.rpm e8f9c8ea5248d400af9be21771195b66 2009.0/x86_64/firefox-fr-3.0.13-0.1mdv2009.0.x86_64.rpm 226c770c9eb371a9cd66747b3cad6828 2009.0/x86_64/firefox-fy-3.0.13-0.1mdv2009.0.x86_64.rpm 2260fcea15a9cc49b347390cadc71599 2009.0/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.0.x86_64.rpm f7a0c391873545dbb25c810ba12fe164 2009.0/x86_64/firefox-gl-3.0.13-0.1mdv2009.0.x86_64.rpm 32f993a35c46dcf8e25e39929b1ced2a 2009.0/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 2e4a73d19ccfcb20092160a6d5941e97 2009.0/x86_64/firefox-he-3.0.13-0.1mdv2009.0.x86_64.rpm 160666a1e608cff7401b43eed7f90535 2009.0/x86_64/firefox-hi-3.0.13-0.1mdv2009.0.x86_64.rpm b70b2c5f7af2cc81174f91cd31a1493c 2009.0/x86_64/firefox-hu-3.0.13-0.1mdv2009.0.x86_64.rpm 74fca931bba785ac47b7aa181494cdbb 2009.0/x86_64/firefox-id-3.0.13-0.1mdv2009.0.x86_64.rpm 3fe8638b5170b72917e4e8ea1174e17b 2009.0/x86_64/firefox-is-3.0.13-0.1mdv2009.0.x86_64.rpm 3f139ac3e9c365c8f693aba837e2a042 2009.0/x86_64/firefox-it-3.0.13-0.1mdv2009.0.x86_64.rpm f7b678a1bfbefda814fa83306222cc41 2009.0/x86_64/firefox-ja-3.0.13-0.1mdv2009.0.x86_64.rpm 7e939898258c08a317a36e07273ea209 2009.0/x86_64/firefox-ka-3.0.13-0.1mdv2009.0.x86_64.rpm 8882bfae1b24b58ff494f82415681987 2009.0/x86_64/firefox-kn-3.0.13-0.1mdv2009.0.x86_64.rpm 44fa31c02c81eaa8ae61bdcfbae64367 2009.0/x86_64/firefox-ko-3.0.13-0.1mdv2009.0.x86_64.rpm 2e072ba6d9650eea364a31eda816f11d 2009.0/x86_64/firefox-ku-3.0.13-0.1mdv2009.0.x86_64.rpm 36430330e9038c09c8d43c4cb448371e 2009.0/x86_64/firefox-lt-3.0.13-0.1mdv2009.0.x86_64.rpm 3ab6cc70b68e10bfd62cdfa896099eba 2009.0/x86_64/firefox-lv-3.0.13-0.1mdv2009.0.x86_64.rpm 3ed08b83e37d5b6e504dff1f8f716225 2009.0/x86_64/firefox-mk-3.0.13-0.1mdv2009.0.x86_64.rpm 7c392f1ece949f2cb44f980bd01e7f05 2009.0/x86_64/firefox-mn-3.0.13-0.1mdv2009.0.x86_64.rpm de1dff9b9089b68d57a98ddd4980b0a2 2009.0/x86_64/firefox-mr-3.0.13-0.1mdv2009.0.x86_64.rpm 05944f1a699c48a0ed982ec3d3f393c4 2009.0/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.0.x86_64.rpm f0cdec74711099dea77e948d5e41049e 2009.0/x86_64/firefox-nl-3.0.13-0.1mdv2009.0.x86_64.rpm f4a14720d7a2aea5cfd72fc6730d2434 2009.0/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.0.x86_64.rpm 16d2232a8ea403853c98628d15f6cb56 2009.0/x86_64/firefox-oc-3.0.13-0.1mdv2009.0.x86_64.rpm 80887101785cce0cc2e6a27b20b41f60 2009.0/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 701e26b5086b1d7d7e48e9c331ea9089 2009.0/x86_64/firefox-pl-3.0.13-0.1mdv2009.0.x86_64.rpm 6488b668d9adf9838ed5f99008bd1b4a 2009.0/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.0.x86_64.rpm 6c84cd88d4a0cef254c31f976a800935 2009.0/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.0.x86_64.rpm 636373ef3a086dab553648f83d482279 2009.0/x86_64/firefox-ro-3.0.13-0.1mdv2009.0.x86_64.rpm d6c65eba5659c9d149fb74aecd0811e3 2009.0/x86_64/firefox-ru-3.0.13-0.1mdv2009.0.x86_64.rpm 59499f35ccbf4fbc6e30b4b543808591 2009.0/x86_64/firefox-si-3.0.13-0.1mdv2009.0.x86_64.rpm 4055dc544ead5676a9f2722cc7de0194 2009.0/x86_64/firefox-sk-3.0.13-0.1mdv2009.0.x86_64.rpm caeb6cab946ba48c1a20a78f037ef2a4 2009.0/x86_64/firefox-sl-3.0.13-0.1mdv2009.0.x86_64.rpm 0bd2025f89f1a9f0f3ad440301b97e8e 2009.0/x86_64/firefox-sq-3.0.13-0.1mdv2009.0.x86_64.rpm 8fb7c0a27aad0d260dc578d5bb1edc12 2009.0/x86_64/firefox-sr-3.0.13-0.1mdv2009.0.x86_64.rpm 86cee077f57a2d01f82a57f0551fdaa9 2009.0/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.0.x86_64.rpm 197fb3cce50e96251dd25343c702e672 2009.0/x86_64/firefox-te-3.0.13-0.1mdv2009.0.x86_64.rpm 55de6243da14129f9c1920d1c10899c4 2009.0/x86_64/firefox-th-3.0.13-0.1mdv2009.0.x86_64.rpm 56e8da997a82e1e372f90a3e98223cc4 2009.0/x86_64/firefox-theme-kde4ff-0.14-4.9mdv2009.0.x86_64.rpm 6de08168f2bb62e24f8ee8cbebcd1e06 2009.0/x86_64/firefox-tr-3.0.13-0.1mdv2009.0.x86_64.rpm d52c8d02969da364f8863b148e31172d 2009.0/x86_64/firefox-uk-3.0.13-0.1mdv2009.0.x86_64.rpm a69b955bd947ae79203e14f19947a4be 2009.0/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.0.x86_64.rpm bfa84035e496517b0c750f904896e021 2009.0/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.0.x86_64.rpm 5f4c007fe54fdd6e306c0bc6a32ce055 2009.0/x86_64/gnome-python-extras-2.19.1-20.9mdv2009.0.x86_64.rpm 17063d1f6fa264a64488e8085ffbfdfd 2009.0/x86_64/gnome-python-gda-2.19.1-20.9mdv2009.0.x86_64.rpm d83b5300a513aa8339ffa20663c8ac42 2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.x86_64.rpm 06d7f3eb117b4d9e4f84b910433325cf 2009.0/x86_64/gnome-python-gdl-2.19.1-20.9mdv2009.0.x86_64.rpm f5307d98cee90a569f425d64050d2dc6 2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.x86_64.rpm 233d7ba8094c84e9e9823c960a2fd180 2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.x86_64.rpm 897c01afbe582c23762a657f5b51f4f0 2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.x86_64.rpm 7f3c87d9e9252afb547d799d1d6d8842 2009.0/x86_64/lib64devhelp-1_0-0.21-3.9mdv2009.0.x86_64.rpm 93194f771048027535174c69313c2834 2009.0/x86_64/lib64devhelp-1-devel-0.21-3.9mdv2009.0.x86_64.rpm 364b6ddc466dc4ff461226e6294a9228 2009.0/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0d4a706595879f078eb4ec57e83274 2009.0/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm 914a5360230521851d79b1b4014d05b1 2009.0/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0c7d6fc7cd06f4b360e795ea73e224 2009.0/x86_64/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.x86_64.rpm 49fda0e4fd0db20a19575c267953b0d4 2009.0/x86_64/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.x86_64.rpm 21631df420534e57776cce23cbf26720 2009.0/x86_64/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.x86_64.rpm aacad587bb5852925be027737a9cbc12 2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm ba4ebf98a11a3eac22e137453568c5f9 2009.0/x86_64/xulrunner-1.9.0.13-0.1mdv2009.0.x86_64.rpm c3de98f2e448f2f5020c53309ebef62e 2009.0/x86_64/yelp-2.24.0-3.9mdv2009.0.x86_64.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.1: 02a6e5e75e1f3ecf36a4d11f6dbedba7 2009.1/i586/beagle-0.3.9-9.5mdv2009.1.i586.rpm 482b004f51c7e2ace71be356e0038dc3 2009.1/i586/beagle-crawl-system-0.3.9-9.5mdv2009.1.i586.rpm 35b6c72c66b62354c4242ed5a411ad9c 2009.1/i586/beagle-doc-0.3.9-9.5mdv2009.1.i586.rpm 631ab9fdde431913bef47f7a1cfe648e 2009.1/i586/beagle-epiphany-0.3.9-9.5mdv2009.1.i586.rpm 6b1fb3a5454af591f23b57bbf22b3d0b 2009.1/i586/beagle-evolution-0.3.9-9.5mdv2009.1.i586.rpm 9622cf03e2a45e23db38d67f9fd50053 2009.1/i586/beagle-gui-0.3.9-9.5mdv2009.1.i586.rpm 6e40cf9fc5b65d1248624800389535b0 2009.1/i586/beagle-gui-qt-0.3.9-9.5mdv2009.1.i586.rpm 3b0e739963ac3b55e8707187e11fc279 2009.1/i586/beagle-libs-0.3.9-9.5mdv2009.1.i586.rpm f38430b9d54a355d78c344a815042493 2009.1/i586/epiphany-2.26.1-1.4mdv2009.1.i586.rpm 7464a347d7a112cba33c0451fdf3e494 2009.1/i586/epiphany-devel-2.26.1-1.4mdv2009.1.i586.rpm 35398cd906de679cbe81e39fa62a7bb5 2009.1/i586/firefox-3.0.13-0.1mdv2009.1.i586.rpm 747db0c713e55cc0ca0ecc85559ba20d 2009.1/i586/firefox-af-3.0.13-0.1mdv2009.1.i586.rpm 32b6dcc4dfd6bfb4baa22e2dd1974f05 2009.1/i586/firefox-ar-3.0.13-0.1mdv2009.1.i586.rpm d5ea263e00042a7f289878bad42030c5 2009.1/i586/firefox-be-3.0.13-0.1mdv2009.1.i586.rpm be72d85579f54829a57629e9de32e924 2009.1/i586/firefox-bg-3.0.13-0.1mdv2009.1.i586.rpm e1a249ed0b61d60e54dedd32e0920c88 2009.1/i586/firefox-bn-3.0.13-0.1mdv2009.1.i586.rpm abec705eb193cf54923ce26343093626 2009.1/i586/firefox-ca-3.0.13-0.1mdv2009.1.i586.rpm 9a9981f06f6e2c07c852a840e2e0c4be 2009.1/i586/firefox-cs-3.0.13-0.1mdv2009.1.i586.rpm d0b38d56ab9d0bd7b83294c916d18c22 2009.1/i586/firefox-cy-3.0.13-0.1mdv2009.1.i586.rpm 20762481ab33b7d288100af5d0df4b52 2009.1/i586/firefox-da-3.0.13-0.1mdv2009.1.i586.rpm c678cfa4ab8d7b255b08050fd696f51a 2009.1/i586/firefox-de-3.0.13-0.1mdv2009.1.i586.rpm 55ddb08f5d11860b3d1850644f8391bc 2009.1/i586/firefox-el-3.0.13-0.1mdv2009.1.i586.rpm f0cdc76908594aa02e8ac4426087c49a 2009.1/i586/firefox-en_GB-3.0.13-0.1mdv2009.1.i586.rpm 6d401632ede0e00d1100574ef5c691df 2009.1/i586/firefox-eo-3.0.13-0.1mdv2009.1.i586.rpm 0229797614722f047aab42187348dc23 2009.1/i586/firefox-es_AR-3.0.13-0.1mdv2009.1.i586.rpm f8d8dace13d5a80c7de216ced6f3c704 2009.1/i586/firefox-es_ES-3.0.13-0.1mdv2009.1.i586.rpm 7b5db78f898a0be652771f2a6c279683 2009.1/i586/firefox-et-3.0.13-0.1mdv2009.1.i586.rpm 60c1aaefbd0034c8b43911b1baf5b640 2009.1/i586/firefox-eu-3.0.13-0.1mdv2009.1.i586.rpm b289fd7f57f7186ca12568bf76c61e65 2009.1/i586/firefox-ext-beagle-0.3.9-9.5mdv2009.1.i586.rpm edb6ee195416dadf35cb73f809a5ff16 2009.1/i586/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.i586.rpm 0630091ee85b88ea38b8c8a9acd155d0 2009.1/i586/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.i586.rpm ee77467d0ce879427f5b5653401e0ae7 2009.1/i586/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.i586.rpm d083b2e25d82ee4a28ee7bffa2fbcd6f 2009.1/i586/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.i586.rpm 6df500ba1935b1f75fc6bec70ec9954e 2009.1/i586/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.i586.rpm 5dea4c6d47a5dabb4e5d7ee8247ff5a8 2009.1/i586/firefox-fi-3.0.13-0.1mdv2009.1.i586.rpm 390c5d441455cc6e9c1bcbeda8e7dbca 2009.1/i586/firefox-fr-3.0.13-0.1mdv2009.1.i586.rpm 37f98a861ad4f0a22a85e2bce246c9dc 2009.1/i586/firefox-fy-3.0.13-0.1mdv2009.1.i586.rpm 6c095a6047feeca0daf6e08335aa09b2 2009.1/i586/firefox-ga_IE-3.0.13-0.1mdv2009.1.i586.rpm 73e498eba22675d906a7e0bcd98d8351 2009.1/i586/firefox-gl-3.0.13-0.1mdv2009.1.i586.rpm 5e7afc9a95d9a6aa8bc82eb4273c60ad 2009.1/i586/firefox-gu_IN-3.0.13-0.1mdv2009.1.i586.rpm 0f5f1b9052d09474e3ba239e93ecf6e3 2009.1/i586/firefox-he-3.0.13-0.1mdv2009.1.i586.rpm 43d603f48d2cb2056db51f496b1ec996 2009.1/i586/firefox-hi-3.0.13-0.1mdv2009.1.i586.rpm 5658131cf3843fbfd20259f34b3ba6c4 2009.1/i586/firefox-hu-3.0.13-0.1mdv2009.1.i586.rpm bda18918cf8e13fb5def716abfa954a5 2009.1/i586/firefox-id-3.0.13-0.1mdv2009.1.i586.rpm 1dcaedd447f98fea90da858018077827 2009.1/i586/firefox-is-3.0.13-0.1mdv2009.1.i586.rpm 2e4ff8ea149d58a8e643b1a1bbdd926c 2009.1/i586/firefox-it-3.0.13-0.1mdv2009.1.i586.rpm c19f3ca5d6017568651c8a121dea77f1 2009.1/i586/firefox-ja-3.0.13-0.1mdv2009.1.i586.rpm 38d9ab0a9c2ff15a8611314d22aeb431 2009.1/i586/firefox-ka-3.0.13-0.1mdv2009.1.i586.rpm eeea063ec6c259630ae7c6a101bf2bb0 2009.1/i586/firefox-kn-3.0.13-0.1mdv2009.1.i586.rpm 4af1e9aaecd7fe8f108a6e07e35af683 2009.1/i586/firefox-ko-3.0.13-0.1mdv2009.1.i586.rpm 97c7a6109534ed69ac2a95d46d98c83b 2009.1/i586/firefox-ku-3.0.13-0.1mdv2009.1.i586.rpm fa3c94d85013365ac1de09fba178725e 2009.1/i586/firefox-lt-3.0.13-0.1mdv2009.1.i586.rpm 89b99d16c7696215aa771ccb46b5140f 2009.1/i586/firefox-lv-3.0.13-0.1mdv2009.1.i586.rpm e68aca3813376b9d7ac91ed9e652c86a 2009.1/i586/firefox-mk-3.0.13-0.1mdv2009.1.i586.rpm 1189c9995b70c74ee8d025328926fe86 2009.1/i586/firefox-mn-3.0.13-0.1mdv2009.1.i586.rpm 25d5dc4d46f7519b4f7510b7563204a6 2009.1/i586/firefox-mr-3.0.13-0.1mdv2009.1.i586.rpm b948b123aeae7dd1ff6ceac9fb2fd4fe 2009.1/i586/firefox-nb_NO-3.0.13-0.1mdv2009.1.i586.rpm bd71f911c9c25dc049253388f0e38e27 2009.1/i586/firefox-nl-3.0.13-0.1mdv2009.1.i586.rpm 064243c7004e78e90dd3e95f9bbda10e 2009.1/i586/firefox-nn_NO-3.0.13-0.1mdv2009.1.i586.rpm db787a4f4019793289c643430362d20d 2009.1/i586/firefox-oc-3.0.13-0.1mdv2009.1.i586.rpm 982f104ab8655d4e4a58d2fc977abd0f 2009.1/i586/firefox-pa_IN-3.0.13-0.1mdv2009.1.i586.rpm 1910b94dd2e3b7f1959647608b2eea9f 2009.1/i586/firefox-pl-3.0.13-0.1mdv2009.1.i586.rpm ad497287a8eee4a53a9c73c93a93eb7f 2009.1/i586/firefox-pt_BR-3.0.13-0.1mdv2009.1.i586.rpm b0b38785c4509adeaf90ed00d7555307 2009.1/i586/firefox-pt_PT-3.0.13-0.1mdv2009.1.i586.rpm f48a4f020c694bb337738f073294d7b6 2009.1/i586/firefox-ro-3.0.13-0.1mdv2009.1.i586.rpm 925d46b4f5381b68da420d95707ea126 2009.1/i586/firefox-ru-3.0.13-0.1mdv2009.1.i586.rpm 9b146a4926086398e4d5ab11c699ea43 2009.1/i586/firefox-si-3.0.13-0.1mdv2009.1.i586.rpm ed0f2e95b6583fb3827b318b9a436a7f 2009.1/i586/firefox-sk-3.0.13-0.1mdv2009.1.i586.rpm 4b31198d77d385503ded07c92d5bfa28 2009.1/i586/firefox-sl-3.0.13-0.1mdv2009.1.i586.rpm a6c948af4cca0a6ed8add460614a2f15 2009.1/i586/firefox-sq-3.0.13-0.1mdv2009.1.i586.rpm 843076ec2061c31b5ca1e70b5c5e35bc 2009.1/i586/firefox-sr-3.0.13-0.1mdv2009.1.i586.rpm a27edd893e4de4da213d18ba020be791 2009.1/i586/firefox-sv_SE-3.0.13-0.1mdv2009.1.i586.rpm 4928710100f1cf2c7ef31cc2edf37a9f 2009.1/i586/firefox-te-3.0.13-0.1mdv2009.1.i586.rpm 69e8f023850274da2c755c97475bada0 2009.1/i586/firefox-th-3.0.13-0.1mdv2009.1.i586.rpm 508f99e1c11a9d563752ab846ef13ae6 2009.1/i586/firefox-theme-kde4ff-0.14-9.4mdv2009.1.i586.rpm 6a3c8c3572a54e84f875abd932d1f36a 2009.1/i586/firefox-tr-3.0.13-0.1mdv2009.1.i586.rpm bf9c26e5179d8ab5cab5dfbf3bcdf625 2009.1/i586/firefox-uk-3.0.13-0.1mdv2009.1.i586.rpm edc44052fc7c9f5e622d2c3ee936a15a 2009.1/i586/firefox-zh_CN-3.0.13-0.1mdv2009.1.i586.rpm f4e5ddc6ca4166fc7d9eac145daafa0f 2009.1/i586/firefox-zh_TW-3.0.13-0.1mdv2009.1.i586.rpm 2ec6ee6f4bc479a0df1aed09a14fabd6 2009.1/i586/gnome-python-extras-2.25.3-3.4mdv2009.1.i586.rpm de18a2772218441d111b34f22b167f13 2009.1/i586/gnome-python-gda-2.25.3-3.4mdv2009.1.i586.rpm 127a6a5e43d83d66d0ded5aa584c02c2 2009.1/i586/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.i586.rpm d48dd202de348a94e34a9ceddad39ea3 2009.1/i586/gnome-python-gdl-2.25.3-3.4mdv2009.1.i586.rpm d0385e185a8fdcfceb0b12e247f38a06 2009.1/i586/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.i586.rpm 40fabeba612597b0168c90526de831b3 2009.1/i586/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.i586.rpm aa828d3d1bdc98a39f9a42912c368c46 2009.1/i586/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.i586.rpm 24defa823e2663746ac1268ac84b6861 2009.1/i586/google-gadgets-common-0.10.5-8.4mdv2009.1.i586.rpm 242a77aebfbc468bfabb0adaff48de3b 2009.1/i586/google-gadgets-gtk-0.10.5-8.4mdv2009.1.i586.rpm fbd62d9e59ce22e981046e152864a145 2009.1/i586/google-gadgets-qt-0.10.5-8.4mdv2009.1.i586.rpm db4bbcef16b4cd0d6c5e2e6f6e3b21b2 2009.1/i586/google-gadgets-xul-0.10.5-8.4mdv2009.1.i586.rpm e01aca911fa6c0b6a65170b837d211b0 2009.1/i586/libggadget1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 453d4660196abc4ba630e8ef69ac155d 2009.1/i586/libggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 66fe485dc7244284b357002c6da72559 2009.1/i586/libggadget-qt1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 413423499013ae96ad1c291397227090 2009.1/i586/libgoogle-gadgets-devel-0.10.5-8.4mdv2009.1.i586.rpm 6082879c5af962a8474b1073f21eac37 2009.1/i586/libopensc2-0.11.7-1.5mdv2009.1.i586.rpm 3745d1c725f41358d618fb97220aafe9 2009.1/i586/libopensc-devel-0.11.7-1.5mdv2009.1.i586.rpm 9de279ba145068aa78851fd2ebd10f93 2009.1/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.1.i586.rpm 6a43e8778a0bec902b98a36ff62940f9 2009.1/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 8388761cf3518803db13cbf028521ce1 2009.1/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 24243e8c675f466359226df4c589c903 2009.1/i586/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.i586.rpm eb3ae0e067ab54672cf2e8892ebefcbf 2009.1/i586/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.i586.rpm 3a91f9218bc8888973d17767555d8aa8 2009.1/i586/opensc-0.11.7-1.5mdv2009.1.i586.rpm 4d47048da6df8491bf219ec1dc2341fb 2009.1/i586/python-xpcom-1.9.0.13-0.1mdv2009.1.i586.rpm fd9a9580bbcf6d01f1fb4eb7ded635d0 2009.1/i586/xulrunner-1.9.0.13-0.1mdv2009.1.i586.rpm 19e0b9f555a7fd853e3e918343f2755d 2009.1/i586/yelp-2.26.0-3.3mdv2009.1.i586.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: c36d9f1acf48047279e896bb634d234b 2009.1/x86_64/beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 5c95ae3cbbcf85f090fb9d0c1938d9ed 2009.1/x86_64/beagle-crawl-system-0.3.9-9.5mdv2009.1.x86_64.rpm 1840f428bb5e0dd7838d296efcb71e77 2009.1/x86_64/beagle-doc-0.3.9-9.5mdv2009.1.x86_64.rpm 4c721f370cea219bbe25aa38598c4e69 2009.1/x86_64/beagle-epiphany-0.3.9-9.5mdv2009.1.x86_64.rpm 9599ffa8713db93a3033b679587f3226 2009.1/x86_64/beagle-evolution-0.3.9-9.5mdv2009.1.x86_64.rpm 7482b55f0cad37b471a1cef5bd23c0e3 2009.1/x86_64/beagle-gui-0.3.9-9.5mdv2009.1.x86_64.rpm d050dd673c46bae92e5fec2f1bca03db 2009.1/x86_64/beagle-gui-qt-0.3.9-9.5mdv2009.1.x86_64.rpm bfd296ac1df14f1117709f22255af179 2009.1/x86_64/beagle-libs-0.3.9-9.5mdv2009.1.x86_64.rpm d98c5888135b45e638be7f2023014e1b 2009.1/x86_64/epiphany-2.26.1-1.4mdv2009.1.x86_64.rpm 1133129e7e311d8f17cf5e6a398f2361 2009.1/x86_64/epiphany-devel-2.26.1-1.4mdv2009.1.x86_64.rpm 47ebfc1eaecfb21fb64b76f5cff01bba 2009.1/x86_64/firefox-3.0.13-0.1mdv2009.1.x86_64.rpm 47450b56105eb661b4d5e764b92c4848 2009.1/x86_64/firefox-af-3.0.13-0.1mdv2009.1.x86_64.rpm acc8619b4a5ff7e07ca9e776671ab2df 2009.1/x86_64/firefox-ar-3.0.13-0.1mdv2009.1.x86_64.rpm 5aebde9a362c79ede6fb6d0e1290f61e 2009.1/x86_64/firefox-be-3.0.13-0.1mdv2009.1.x86_64.rpm d9f1967bf000028b89893b6aef966b89 2009.1/x86_64/firefox-bg-3.0.13-0.1mdv2009.1.x86_64.rpm ac21174d256d9d047ba8f76881543bb2 2009.1/x86_64/firefox-bn-3.0.13-0.1mdv2009.1.x86_64.rpm 18b756689eade8271ee8dc7899230a16 2009.1/x86_64/firefox-ca-3.0.13-0.1mdv2009.1.x86_64.rpm 0f57aaff5ccde5dfa661a90813d547db 2009.1/x86_64/firefox-cs-3.0.13-0.1mdv2009.1.x86_64.rpm 2252fa9007f0fc6a94d7a9438872afd3 2009.1/x86_64/firefox-cy-3.0.13-0.1mdv2009.1.x86_64.rpm 44f20e0a30f4cf16236838f9aa1f88d0 2009.1/x86_64/firefox-da-3.0.13-0.1mdv2009.1.x86_64.rpm 59c66733cf61d58d73fb9b5f41b57920 2009.1/x86_64/firefox-de-3.0.13-0.1mdv2009.1.x86_64.rpm 04100565176011d7150d3c087bb215df 2009.1/x86_64/firefox-el-3.0.13-0.1mdv2009.1.x86_64.rpm 5367a69056711c90e873e28472f0b19a 2009.1/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.1.x86_64.rpm 1230d78f22b979b5e7fee7cf4b18fce7 2009.1/x86_64/firefox-eo-3.0.13-0.1mdv2009.1.x86_64.rpm a8db004ce04338e0c8716d1a01ddcbbd 2009.1/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.1.x86_64.rpm ca48f0d5c7707c5ca05b11814d0bbaa0 2009.1/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.1.x86_64.rpm 942cf5ccd3d19a908f4d7da8371687c0 2009.1/x86_64/firefox-et-3.0.13-0.1mdv2009.1.x86_64.rpm 9cd2adde1f16c9c22a9ba8067da07833 2009.1/x86_64/firefox-eu-3.0.13-0.1mdv2009.1.x86_64.rpm 108d71c9ddaffbe3377c8110fd01455a 2009.1/x86_64/firefox-ext-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 940d1c80f9b8067634b2db20a6b4b442 2009.1/x86_64/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.x86_64.rpm ea3df4f56d5f7f04ed9bbd152b4b64e5 2009.1/x86_64/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.x86_64.rpm 2632aec22bb53583910e897e2a1cacb6 2009.1/x86_64/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.x86_64.rpm 30a0d66124cd861aa9bad4d4667e2b0a 2009.1/x86_64/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.x86_64.rpm d5e04c94a1c8c01b8524e88d1259426d 2009.1/x86_64/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.x86_64.rpm ecfc78bb13ab5ba6cefe133f3af7b241 2009.1/x86_64/firefox-fi-3.0.13-0.1mdv2009.1.x86_64.rpm 744885d5ef6ddffc01cfd649aa78446c 2009.1/x86_64/firefox-fr-3.0.13-0.1mdv2009.1.x86_64.rpm f86420b3088e2f9e831a8f2942c80e20 2009.1/x86_64/firefox-fy-3.0.13-0.1mdv2009.1.x86_64.rpm f1e47c1c525deae51ca515bc54b191d9 2009.1/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.1.x86_64.rpm 1c9a4cf0086a2a73273dc2527146996b 2009.1/x86_64/firefox-gl-3.0.13-0.1mdv2009.1.x86_64.rpm 02181f2c28803c2f16f1a3e3b7fb02d8 2009.1/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 0d1f95ef27e7e0e4c91de3edf3fca42b 2009.1/x86_64/firefox-he-3.0.13-0.1mdv2009.1.x86_64.rpm cd404a74b0208aa6ed34aa267655909b 2009.1/x86_64/firefox-hi-3.0.13-0.1mdv2009.1.x86_64.rpm a2b6ae88c22fa0c6120fb08181880318 2009.1/x86_64/firefox-hu-3.0.13-0.1mdv2009.1.x86_64.rpm aa85d9b9afa4feddc6af9811caa5fe50 2009.1/x86_64/firefox-id-3.0.13-0.1mdv2009.1.x86_64.rpm e4bcf07136d1d4446dd61696fc639ef6 2009.1/x86_64/firefox-is-3.0.13-0.1mdv2009.1.x86_64.rpm b13bc89dcc3301215f990fafcb90bc32 2009.1/x86_64/firefox-it-3.0.13-0.1mdv2009.1.x86_64.rpm 4f22348d1ea02fb96c2f1cc8ee36e80e 2009.1/x86_64/firefox-ja-3.0.13-0.1mdv2009.1.x86_64.rpm 8a96165ab90b3055d625c95a3ccdc68e 2009.1/x86_64/firefox-ka-3.0.13-0.1mdv2009.1.x86_64.rpm 628bcfa94c5c11aa37a118ef6a3350cc 2009.1/x86_64/firefox-kn-3.0.13-0.1mdv2009.1.x86_64.rpm 7ade9a53e95fd05ce83a284168ce2170 2009.1/x86_64/firefox-ko-3.0.13-0.1mdv2009.1.x86_64.rpm bdfc5c720a9bbb1cb9578359d979465b 2009.1/x86_64/firefox-ku-3.0.13-0.1mdv2009.1.x86_64.rpm bd64b864d9c981c33fcd81c41c91cf7d 2009.1/x86_64/firefox-lt-3.0.13-0.1mdv2009.1.x86_64.rpm f9660b30a3eb579bbd89be4dc71a76a6 2009.1/x86_64/firefox-lv-3.0.13-0.1mdv2009.1.x86_64.rpm 709c8e7f32d9d49f600e5f05c1f87d1a 2009.1/x86_64/firefox-mk-3.0.13-0.1mdv2009.1.x86_64.rpm 0c7a1a138e579900d145b87917f6b2a2 2009.1/x86_64/firefox-mn-3.0.13-0.1mdv2009.1.x86_64.rpm b677a6c74468be431570a44903ee8fa4 2009.1/x86_64/firefox-mr-3.0.13-0.1mdv2009.1.x86_64.rpm daaa3e466eab6167abea639cae3ebce6 2009.1/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 1d964b69189c384f5a3c0960ee18b41e 2009.1/x86_64/firefox-nl-3.0.13-0.1mdv2009.1.x86_64.rpm d8fa342c4dfb6a2722ec9effcdcf3aa9 2009.1/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 4d90ce7edd695f4499767ef71b129299 2009.1/x86_64/firefox-oc-3.0.13-0.1mdv2009.1.x86_64.rpm 0b9c151cd2c230af2bed817e1b644cab 2009.1/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 19a26cf9c2a70c76e05cf8fee3470ba5 2009.1/x86_64/firefox-pl-3.0.13-0.1mdv2009.1.x86_64.rpm fe317964bd37486cd999dd3cfb04c520 2009.1/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.1.x86_64.rpm e2c5c97577af742a1416831bc43cb8f7 2009.1/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.1.x86_64.rpm f1f461aec3657b71b9ed4a5b4692b930 2009.1/x86_64/firefox-ro-3.0.13-0.1mdv2009.1.x86_64.rpm 09ecf09a2b59d569ecaaeed9a3146dee 2009.1/x86_64/firefox-ru-3.0.13-0.1mdv2009.1.x86_64.rpm bc2d376efedecbc89074ae581aa87275 2009.1/x86_64/firefox-si-3.0.13-0.1mdv2009.1.x86_64.rpm cec08f9dacf531d7dda18315216db705 2009.1/x86_64/firefox-sk-3.0.13-0.1mdv2009.1.x86_64.rpm 00c555b74e28addb4c5dc3edcfdee68e 2009.1/x86_64/firefox-sl-3.0.13-0.1mdv2009.1.x86_64.rpm 452f32a5e4dc4b3bd170b0fd1f2da034 2009.1/x86_64/firefox-sq-3.0.13-0.1mdv2009.1.x86_64.rpm ff77e5234ba14c18c8cf97b0ce864300 2009.1/x86_64/firefox-sr-3.0.13-0.1mdv2009.1.x86_64.rpm 17ba1ede71f4bb9b12b54a0325207abf 2009.1/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.1.x86_64.rpm 7ce4fc40ac9f173d156f94fce6e334a4 2009.1/x86_64/firefox-te-3.0.13-0.1mdv2009.1.x86_64.rpm 64495f1b732da002632b16c402c6b289 2009.1/x86_64/firefox-th-3.0.13-0.1mdv2009.1.x86_64.rpm db3a4f8fc0c4b7eab23fa30d92b6b626 2009.1/x86_64/firefox-theme-kde4ff-0.14-9.4mdv2009.1.x86_64.rpm dc2098a10b0fb76849d3127ec5be3fdf 2009.1/x86_64/firefox-tr-3.0.13-0.1mdv2009.1.x86_64.rpm 8060c3319d3ddc294dd23ad96b0dddce 2009.1/x86_64/firefox-uk-3.0.13-0.1mdv2009.1.x86_64.rpm 093a18263fd0b5e8a249ba3ae309d033 2009.1/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.1.x86_64.rpm 98141646609afd7b4e0d775c6a43c2d6 2009.1/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.1.x86_64.rpm a1310aa2ad1069c9b334e924856c4aba 2009.1/x86_64/gnome-python-extras-2.25.3-3.4mdv2009.1.x86_64.rpm eaf634e01b450fef9569c5c960b2c95f 2009.1/x86_64/gnome-python-gda-2.25.3-3.4mdv2009.1.x86_64.rpm 2ec8ab29ff1f49582d4f56b8c92440f0 2009.1/x86_64/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.x86_64.rpm acec5c9b14df2b10f9df47df0803c6e8 2009.1/x86_64/gnome-python-gdl-2.25.3-3.4mdv2009.1.x86_64.rpm 68bbcfe7d270dd49b7e550be197c775b 2009.1/x86_64/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.x86_64.rpm b9cd18d7efd34c9775be4b742a7e37a2 2009.1/x86_64/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.x86_64.rpm 72d4f8e53f8a4cf8ed418e387ab320dd 2009.1/x86_64/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.x86_64.rpm 30d58bb6680778587ee80dcfaa935c20 2009.1/x86_64/google-gadgets-common-0.10.5-8.4mdv2009.1.x86_64.rpm 2185d6144593d136ce92db2435cce190 2009.1/x86_64/google-gadgets-gtk-0.10.5-8.4mdv2009.1.x86_64.rpm 8cbbc63875d035a089fc83e6139fa745 2009.1/x86_64/google-gadgets-qt-0.10.5-8.4mdv2009.1.x86_64.rpm 350d36d5c4dcec349eea1c4babb82075 2009.1/x86_64/google-gadgets-xul-0.10.5-8.4mdv2009.1.x86_64.rpm b154ed291a0d28708d0122953bf6f7c3 2009.1/x86_64/lib64ggadget1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 62883fed1843c556659b681ccaedbaf7 2009.1/x86_64/lib64ggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm c04399358f39bea011b70516b53c77f3 2009.1/x86_64/lib64ggadget-qt1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 681cf0d9f283b53c2d9d2063695d3863 2009.1/x86_64/lib64google-gadgets-devel-0.10.5-8.4mdv2009.1.x86_64.rpm 014d1c2c8f128d9bff62c0dc1950fa6e 2009.1/x86_64/lib64opensc2-0.11.7-1.5mdv2009.1.x86_64.rpm 5833b0c82ae72fa9dd86fae661496fdc 2009.1/x86_64/lib64opensc-devel-0.11.7-1.5mdv2009.1.x86_64.rpm 5860961f66479a8a3d53d25b2f60e92c 2009.1/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.1.x86_64.rpm e1e06188cc7a6784d9a2542c21389e44 2009.1/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm c245b2dfa3c671353719224d8ca4529f 2009.1/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm 06c9d38b4830a69f5396d3bb75132e46 2009.1/x86_64/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.x86_64.rpm 35b409ded01fb0eb7d025351b9d2bf32 2009.1/x86_64/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm ce9a6dd2cb27352e5567f0b07706ec0d 2009.1/x86_64/opensc-0.11.7-1.5mdv2009.1.x86_64.rpm c0a59d0e57cf7d0446b89a7f60053b62 2009.1/x86_64/python-xpcom-1.9.0.13-0.1mdv2009.1.x86_64.rpm e2a2058629df60177dd44c31f01a7610 2009.1/x86_64/xulrunner-1.9.0.13-0.1mdv2009.1.x86_64.rpm 90bc8f01bbb02ea3684fae73d0724cee 2009.1/x86_64/yelp-2.26.0-3.3mdv2009.1.x86_64.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Enterprise Server 5: 68ce74618320a30cfdfe2d4063d5418e mes5/i586/firefox-3.0.13-0.1mdvmes5.i586.rpm 6d43b355dba55dd1af55e9cc713f0605 mes5/i586/firefox-af-3.0.13-0.1mdvmes5.i586.rpm 7d1f2c0b1f9151e2075c0c36d907fa00 mes5/i586/firefox-ar-3.0.13-0.1mdvmes5.i586.rpm 3988712bafbab7d137996404484cde30 mes5/i586/firefox-be-3.0.13-0.1mdvmes5.i586.rpm 593ee45262bec9390b221c02d8ee8864 mes5/i586/firefox-bg-3.0.13-0.1mdvmes5.i586.rpm 3567bb9057794aaf470d5d766a75bae0 mes5/i586/firefox-bn-3.0.13-0.1mdvmes5.i586.rpm 4f694f127521b4cddc19f0f50a3be63d mes5/i586/firefox-ca-3.0.13-0.1mdvmes5.i586.rpm cd04a5a66a2670f908fcb511d9a9821c mes5/i586/firefox-cs-3.0.13-0.1mdvmes5.i586.rpm 44eb4f6361c6645057f941e6e1ca43b4 mes5/i586/firefox-cy-3.0.13-0.1mdvmes5.i586.rpm f748608e0c7e1b5b382889af5a540012 mes5/i586/firefox-da-3.0.13-0.1mdvmes5.i586.rpm c1afbf2462632580e10beedf00ef4e23 mes5/i586/firefox-de-3.0.13-0.1mdvmes5.i586.rpm f55d0c036d9c84a9324ee618946810c0 mes5/i586/firefox-el-3.0.13-0.1mdvmes5.i586.rpm f51244caf9b6b71e6fc3c23cae421abf mes5/i586/firefox-en_GB-3.0.13-0.1mdvmes5.i586.rpm 2a4eccef20f00eceacce64a64327e5c6 mes5/i586/firefox-eo-3.0.13-0.1mdvmes5.i586.rpm 76e3121e28b5b223aaeb314a1bb30d03 mes5/i586/firefox-es_AR-3.0.13-0.1mdvmes5.i586.rpm f6f773cb3c0dfdea56f7cb1d1b02690d mes5/i586/firefox-es_ES-3.0.13-0.1mdvmes5.i586.rpm b41e4d171aba9ee620fe9987fee705f3 mes5/i586/firefox-et-3.0.13-0.1mdvmes5.i586.rpm f608df3e51d71887c42ee383a4a42de6 mes5/i586/firefox-eu-3.0.13-0.1mdvmes5.i586.rpm b246f92f226918d0bdb94cea1eb36040 mes5/i586/firefox-fi-3.0.13-0.1mdvmes5.i586.rpm 0731bc1f06c6d11892dfd0d6390fe2c8 mes5/i586/firefox-fr-3.0.13-0.1mdvmes5.i586.rpm aa6c29bb715d24c7408f9b87cdbb6a8c mes5/i586/firefox-fy-3.0.13-0.1mdvmes5.i586.rpm 748f49cefa5cbad391825aca290d3c66 mes5/i586/firefox-ga_IE-3.0.13-0.1mdvmes5.i586.rpm 372e5844c83e30bd4f7166c43963cc07 mes5/i586/firefox-gl-3.0.13-0.1mdvmes5.i586.rpm a5dd5f6079e40de2c1f802e249d5e591 mes5/i586/firefox-gu_IN-3.0.13-0.1mdvmes5.i586.rpm a35f66c748bc656e3e372eda1b167030 mes5/i586/firefox-he-3.0.13-0.1mdvmes5.i586.rpm 448a23e0530358423527c5b802c6c8ae mes5/i586/firefox-hi-3.0.13-0.1mdvmes5.i586.rpm d387c02975f83f8dfe12eb4c52b0a331 mes5/i586/firefox-hu-3.0.13-0.1mdvmes5.i586.rpm 1cd59afe967658f2b423539334c3ce61 mes5/i586/firefox-id-3.0.13-0.1mdvmes5.i586.rpm 444267bd6f7274c59dd179f59e618753 mes5/i586/firefox-is-3.0.13-0.1mdvmes5.i586.rpm e5879fdc064e5e35eb89514ed3188eb7 mes5/i586/firefox-it-3.0.13-0.1mdvmes5.i586.rpm 022dfc09d80f3faf5557449828e1b15f mes5/i586/firefox-ja-3.0.13-0.1mdvmes5.i586.rpm 49f516c1985e8e177025ab0682bfc2ef mes5/i586/firefox-ka-3.0.13-0.1mdvmes5.i586.rpm c98f30efb698ee50e0754338feced95e mes5/i586/firefox-kn-3.0.13-0.1mdvmes5.i586.rpm 3a3f75d10a4a6149eefa8835e32a548c mes5/i586/firefox-ko-3.0.13-0.1mdvmes5.i586.rpm 53f1afe28e0cdf504819ca0d58bc1b76 mes5/i586/firefox-ku-3.0.13-0.1mdvmes5.i586.rpm b15b9c778a7476304cd9659a3435529e mes5/i586/firefox-lt-3.0.13-0.1mdvmes5.i586.rpm c2a743444a51e06b3aa079c7edc01564 mes5/i586/firefox-lv-3.0.13-0.1mdvmes5.i586.rpm 75bf88f7f10a7a5b893bc3e71da9ca40 mes5/i586/firefox-mk-3.0.13-0.1mdvmes5.i586.rpm b746223c11dde362ae707dc984a7d5b0 mes5/i586/firefox-mn-3.0.13-0.1mdvmes5.i586.rpm 71fb9f66d6eb6bf426c4bdddaa039aa7 mes5/i586/firefox-mr-3.0.13-0.1mdvmes5.i586.rpm dd91665a870035058d8cac9f68b9d0c1 mes5/i586/firefox-nb_NO-3.0.13-0.1mdvmes5.i586.rpm 5ae1128299337783f6f3f29a28cf92a3 mes5/i586/firefox-nl-3.0.13-0.1mdvmes5.i586.rpm 74c75652327d9b02ca55cae7e45552b9 mes5/i586/firefox-nn_NO-3.0.13-0.1mdvmes5.i586.rpm 91abc0e9b5150d18fde15c3dbfda86f4 mes5/i586/firefox-oc-3.0.13-0.1mdvmes5.i586.rpm 1537934527c0ea2bfba002c439406ae8 mes5/i586/firefox-pa_IN-3.0.13-0.1mdvmes5.i586.rpm 2d869ba32910994884254f480b03024f mes5/i586/firefox-pl-3.0.13-0.1mdvmes5.i586.rpm 1ba3ede9924e9dc6a6638392d91f99cc mes5/i586/firefox-pt_BR-3.0.13-0.1mdvmes5.i586.rpm 26afeb86b4504a69f94b94e682f10673 mes5/i586/firefox-pt_PT-3.0.13-0.1mdvmes5.i586.rpm 62d639de32fef65aef8570c51276cb94 mes5/i586/firefox-ro-3.0.13-0.1mdvmes5.i586.rpm 0d3b10dc73e079018344d44832438ea8 mes5/i586/firefox-ru-3.0.13-0.1mdvmes5.i586.rpm 32a5aaeaf848da9aa7faba6f9d9f0289 mes5/i586/firefox-si-3.0.13-0.1mdvmes5.i586.rpm ce70f29874f44b4117a33d57800df5aa mes5/i586/firefox-sk-3.0.13-0.1mdvmes5.i586.rpm e81efac5f94ee35764a11df872d0290c mes5/i586/firefox-sl-3.0.13-0.1mdvmes5.i586.rpm 969c7c1522c5373afb1eecf406d6c260 mes5/i586/firefox-sq-3.0.13-0.1mdvmes5.i586.rpm 4ed22d07ae67fc6485485af042cd8343 mes5/i586/firefox-sr-3.0.13-0.1mdvmes5.i586.rpm c6d4137d25e4fa72095344462a65bdd7 mes5/i586/firefox-sv_SE-3.0.13-0.1mdvmes5.i586.rpm 2341ba79e4cb97d9d60468dbf830d2fb mes5/i586/firefox-te-3.0.13-0.1mdvmes5.i586.rpm f34c9a0a4688eac1cc5751c6cc5cac0d mes5/i586/firefox-th-3.0.13-0.1mdvmes5.i586.rpm 65d9f18cb1102f84c24ae0582cd4fa52 mes5/i586/firefox-tr-3.0.13-0.1mdvmes5.i586.rpm 82d53b480119bd4a7f99c5f15c03021a mes5/i586/firefox-uk-3.0.13-0.1mdvmes5.i586.rpm 942142b433ac41efcfac98a6284b6df1 mes5/i586/firefox-zh_CN-3.0.13-0.1mdvmes5.i586.rpm c13f0e4ff2b0454c0f039fb4d9e1b906 mes5/i586/firefox-zh_TW-3.0.13-0.1mdvmes5.i586.rpm 28a317a81524e49dae66c679e071c7dc mes5/i586/libxulrunner1.9-1.9.0.13-0.1mdvmes5.i586.rpm f2fee170073833e92e05a1773fd7f79a mes5/i586/libxulrunner-devel-1.9.0.13-0.1mdvmes5.i586.rpm ee14bbfaa18e70c6e84ef4ef052f5518 mes5/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.i586.rpm f2cefcf568fb77cd7e9e57dad40643dc mes5/i586/xulrunner-1.9.0.13-0.1mdvmes5.i586.rpm af4d5ee43a7579e733e45b133525e7fe mes5/i586/yelp-2.24.0-3.9mdvmes5.i586.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: e03c3478bf344987f76907e81c291569 mes5/x86_64/firefox-3.0.13-0.1mdvmes5.x86_64.rpm 989de385bb476f7522882541aab3e05f mes5/x86_64/firefox-af-3.0.13-0.1mdvmes5.x86_64.rpm 7b84837d2401a0c7cff4f7481d69578e mes5/x86_64/firefox-ar-3.0.13-0.1mdvmes5.x86_64.rpm 51d077dc8a98838525f9c8614caf7811 mes5/x86_64/firefox-be-3.0.13-0.1mdvmes5.x86_64.rpm 6286b0236105ae18397c4a91d33e439b mes5/x86_64/firefox-bg-3.0.13-0.1mdvmes5.x86_64.rpm 2de1a7bcc7261876eff13fae68b08189 mes5/x86_64/firefox-bn-3.0.13-0.1mdvmes5.x86_64.rpm 1e44ba305a7e68d52647450f8777e213 mes5/x86_64/firefox-ca-3.0.13-0.1mdvmes5.x86_64.rpm ea295a97b2fa4b68bb093627a86d64c9 mes5/x86_64/firefox-cs-3.0.13-0.1mdvmes5.x86_64.rpm 137181dc58e872687e07c05961b3e844 mes5/x86_64/firefox-cy-3.0.13-0.1mdvmes5.x86_64.rpm 0e566afa6fc6039453a07774cb2a8afd mes5/x86_64/firefox-da-3.0.13-0.1mdvmes5.x86_64.rpm 9e0adea3596af1f8f95dcfac4a882aed mes5/x86_64/firefox-de-3.0.13-0.1mdvmes5.x86_64.rpm 007ec7d357e3f92cfc2def7390c5de69 mes5/x86_64/firefox-el-3.0.13-0.1mdvmes5.x86_64.rpm b3cb3fec4847f3950df7c8eb63a30654 mes5/x86_64/firefox-en_GB-3.0.13-0.1mdvmes5.x86_64.rpm dcb54c4aaec8489e2e768ecbda74391d mes5/x86_64/firefox-eo-3.0.13-0.1mdvmes5.x86_64.rpm 35985b7b0d0dee31e04608a0290e9ef6 mes5/x86_64/firefox-es_AR-3.0.13-0.1mdvmes5.x86_64.rpm 6154a855d02f202ce2abec4f24857189 mes5/x86_64/firefox-es_ES-3.0.13-0.1mdvmes5.x86_64.rpm f11f06980dc4911bcecc05daecae10c3 mes5/x86_64/firefox-et-3.0.13-0.1mdvmes5.x86_64.rpm 763ce8174c14f409dddfbd1fdb8aa33a mes5/x86_64/firefox-eu-3.0.13-0.1mdvmes5.x86_64.rpm 8e06f6d02f31cd75a5f0adc2c07b5b79 mes5/x86_64/firefox-fi-3.0.13-0.1mdvmes5.x86_64.rpm 91a7e39c750b5f13621a6e28026a9a29 mes5/x86_64/firefox-fr-3.0.13-0.1mdvmes5.x86_64.rpm a42546e8023cc76b9fa20197b4c8d879 mes5/x86_64/firefox-fy-3.0.13-0.1mdvmes5.x86_64.rpm a5c71261c0569a7ac356cd524bcc8e2b mes5/x86_64/firefox-ga_IE-3.0.13-0.1mdvmes5.x86_64.rpm 9c7bdef8c25b9f8bde7fc23330d9ee56 mes5/x86_64/firefox-gl-3.0.13-0.1mdvmes5.x86_64.rpm 57fc2626a71cd7c30b29bf6f657d8b01 mes5/x86_64/firefox-gu_IN-3.0.13-0.1mdvmes5.x86_64.rpm fdcfc85e77649e447205447fe50c5dfd mes5/x86_64/firefox-he-3.0.13-0.1mdvmes5.x86_64.rpm 8362b8bb5dbdcbfb59c4611329d093cd mes5/x86_64/firefox-hi-3.0.13-0.1mdvmes5.x86_64.rpm dcf7d31040980c688857daae110b0f19 mes5/x86_64/firefox-hu-3.0.13-0.1mdvmes5.x86_64.rpm 0d2b895382a88cb60a1bd85f4998ed6a mes5/x86_64/firefox-id-3.0.13-0.1mdvmes5.x86_64.rpm c76cf1e3e063204dbd7b43cbb2057cba mes5/x86_64/firefox-is-3.0.13-0.1mdvmes5.x86_64.rpm 3bb2be5f72710786bb187716cb6574c1 mes5/x86_64/firefox-it-3.0.13-0.1mdvmes5.x86_64.rpm 70c2a50d16cccd9c3cf9fd8d94239594 mes5/x86_64/firefox-ja-3.0.13-0.1mdvmes5.x86_64.rpm bba8deee10fda2787de3ab64fa4d9a7f mes5/x86_64/firefox-ka-3.0.13-0.1mdvmes5.x86_64.rpm 68b364b3b98f289c7a23f53e221d47e8 mes5/x86_64/firefox-kn-3.0.13-0.1mdvmes5.x86_64.rpm a4f1ae70d33196720fdd44e596603655 mes5/x86_64/firefox-ko-3.0.13-0.1mdvmes5.x86_64.rpm 6346cf41df51d14326568731308532bf mes5/x86_64/firefox-ku-3.0.13-0.1mdvmes5.x86_64.rpm d29a7afa66350e378bf5d3de7f76203f mes5/x86_64/firefox-lt-3.0.13-0.1mdvmes5.x86_64.rpm f0c2b91ae52b0fd6309c13c6aa7dae39 mes5/x86_64/firefox-lv-3.0.13-0.1mdvmes5.x86_64.rpm bf856892d6521c21ee75e1319c78dd34 mes5/x86_64/firefox-mk-3.0.13-0.1mdvmes5.x86_64.rpm ef8ab221b17c2da7b78c6055bb560af4 mes5/x86_64/firefox-mn-3.0.13-0.1mdvmes5.x86_64.rpm 5ef379935bc2943e1ee5b18a6447bbbf mes5/x86_64/firefox-mr-3.0.13-0.1mdvmes5.x86_64.rpm a1aaa61a653132105b4b2f40a2625e4b mes5/x86_64/firefox-nb_NO-3.0.13-0.1mdvmes5.x86_64.rpm 339baf16b41ba0660fde271355a3de7d mes5/x86_64/firefox-nl-3.0.13-0.1mdvmes5.x86_64.rpm c650a19b817d2b8cc1662986ffb04e59 mes5/x86_64/firefox-nn_NO-3.0.13-0.1mdvmes5.x86_64.rpm dc4d96fd6075c6a90b66b477510e179d mes5/x86_64/firefox-oc-3.0.13-0.1mdvmes5.x86_64.rpm 1b3dfa583675569048d1edeefe5c57ea mes5/x86_64/firefox-pa_IN-3.0.13-0.1mdvmes5.x86_64.rpm 8afc2ee811699233cd4d14fb0bb1d296 mes5/x86_64/firefox-pl-3.0.13-0.1mdvmes5.x86_64.rpm d79b9366c1e992a712c5a4f91b5dc786 mes5/x86_64/firefox-pt_BR-3.0.13-0.1mdvmes5.x86_64.rpm fa1f52c44c980cbd5dca80493e6675ee mes5/x86_64/firefox-pt_PT-3.0.13-0.1mdvmes5.x86_64.rpm 2a17cc2687a58a08354a5b10d2d3b852 mes5/x86_64/firefox-ro-3.0.13-0.1mdvmes5.x86_64.rpm 8000f1cb87249be3a0349d04cd4a9eb7 mes5/x86_64/firefox-ru-3.0.13-0.1mdvmes5.x86_64.rpm dad9e02f89bbb0854b275a148c66241c mes5/x86_64/firefox-si-3.0.13-0.1mdvmes5.x86_64.rpm c7d158a23a34629f14020eb5efaaf347 mes5/x86_64/firefox-sk-3.0.13-0.1mdvmes5.x86_64.rpm c8292fb404bbc4fc723583f656074fce mes5/x86_64/firefox-sl-3.0.13-0.1mdvmes5.x86_64.rpm 41706d44a8c609ea2ca0911c8216f9c2 mes5/x86_64/firefox-sq-3.0.13-0.1mdvmes5.x86_64.rpm dd036fccfa39a75f5f2d08c3c8e7348a mes5/x86_64/firefox-sr-3.0.13-0.1mdvmes5.x86_64.rpm f03d90e5417feca4d2fc3f03303023e7 mes5/x86_64/firefox-sv_SE-3.0.13-0.1mdvmes5.x86_64.rpm ee392c1fa9a4d6a286daae882fac30dd mes5/x86_64/firefox-te-3.0.13-0.1mdvmes5.x86_64.rpm e7dbf99e35d5709d2ba79997be5a0d8f mes5/x86_64/firefox-th-3.0.13-0.1mdvmes5.x86_64.rpm 4104f247e2eee44420fe588c2dc73f06 mes5/x86_64/firefox-tr-3.0.13-0.1mdvmes5.x86_64.rpm 9376a1d0cb246a9bf3ddde32d6547c3a mes5/x86_64/firefox-uk-3.0.13-0.1mdvmes5.x86_64.rpm 5e17ce5c19b28d4bf91b9ec4583a435b mes5/x86_64/firefox-zh_CN-3.0.13-0.1mdvmes5.x86_64.rpm b75f0b6f95cd8df522663ff5d5247912 mes5/x86_64/firefox-zh_TW-3.0.13-0.1mdvmes5.x86_64.rpm c22b5e430870d9e46ddf2fc49a3f399a mes5/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdvmes5.x86_64.rpm 99039eb2e0e34653b4f8a702df3eba28 mes5/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 8f8dc6a09f009108d5e58aed35bc3c88 mes5/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 64c12a8b37ce470ddeca303330fc759d mes5/x86_64/xulrunner-1.9.0.13-0.1mdvmes5.x86_64.rpm 50e336826d9447ee0a11ac696740f78a mes5/x86_64/yelp-2.24.0-3.9mdvmes5.x86_64.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKfHuImqjQ0CJFipgRArnYAJwJ+vTi6q/JO7k6XU42/uknW/nuaQCdH6cE IPsXB9VGzG+N6kDjB1qX6x0= =dRCP -----END PGP SIGNATURE-----
var-200505-0310	The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have published advisories for 4 security vulnerabilities in Mac OS X that were addressed by Apple Security Update 2005-005, released today. <http://docs.info.apple.com/article.html?artnum=301528>. This email contains brief summaries of the problems. Full details can be found on my web site <http://remahl.se/david/vuln/>. Description: help: URI handler execution of JavaScripts with known paths vulnerability My name: DR004 <http://remahl.se/david/vuln/004/> CVE: CAN-2005-1337 [yes, cool, isn't it ;-)] Summary: The Help Viewer application allows JavaScript and is thus vulnerable to having scripts with arbitrary paths run with the privileges granted to file: protocol URIs. The files can be started with a URI on the form of help:///path/to/file.html. Combined with XMLHttpRequest's ability to disclose arbitrary files, this security bug becomes critcal. Description: Invisible characters in applescript: URL protocol messaging vulnerability My name: DR010 <http://remahl.se/david/vuln/010/> CVE: CAN-2005-1331 Summary: URL Protocol Messaging is a technique used by Script Editor to facilitate sharing of AppleScripts between users. By clicking a link (for example in a web forum), a user can create a new Script Editor document automatically, with text from the query string of the URI. This avoids problems with copying text from the web or manually typing code snippets. However, the technique can be used to trick users into running dangerous code (with embedded control characters), since insufficient input validation is performed. Using escape sequences and social engineering attacks it is in some cases possible to trick the user into performing arbitrary commands. I would like to acknowledge the willingness of Apple's Product Security team to cooperate with me in resolving these issues. CERT's assistance has also been helpful. / Regards, David Remahl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFCd9mHFlFiDoclYIURAjgqAJ9mLbjrfJr17eenCK6qp5S6HXKzgACeIH+a PJwheHWkjnBAG4kNnAa/6QE= =iJNj -----END PGP SIGNATURE-----
var-201912-0606	An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to read restricted memory. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). SQLite is prone to the following security vulnerabilities. 1. Multiple privilege-escalation vulnerabilities 2. A memory corruption vulnerability 3. An information-disclosure vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the affected application, disclose sensitive information, elevate privileges, and perform unauthorized actions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----
var-201302-0253	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. The vulnerability can be exploited over the 'SSL/TLS' protocol. This issue affects the 'JSSE' sub-component. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43627 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43627/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43627 RELEASE DATE: 2011-03-08 DISCUSS ADVISORY: http://secunia.com/advisories/43627/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43627/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43627 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged some vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA43262 Please see the vendor's advisory for a full list of affected products. SOLUTION: Update to a fixed version. Please see vendor advisory for more details. ORIGINAL ADVISORY: Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-003/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13 Java for OS X 2013-001 and Mac OS X v10.6 Update 13 is now available and addresses the following: Java Available for: OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java 1.6.0_37 Description: Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. For Mac OS X v10.6 systems, these issues were addressed in Java for Mac OS X v10.6 Update 13. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/ releasenotes-136954.html CVE-ID CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0446 CVE-2013-0450 CVE-2013-1473 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1481 Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java Description: Multiple vulnerabilities existed in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2013-1486 CVE-2013-1487 CVE-2013-1488 Malware removal Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Description: This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found. Java for OS X 2013-001 and Java for Mac OS X 10.6 Update 13 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.Update13.dmg Its SHA-1 digest is: 5327984bc0b300c237fe69cecf69513624f56b0e For OS X Lion and Mountain Lion systems The download file is named: JavaForOSX2013-001.dmg Its SHA-1 digest is: 145d74354241cf2f567d2768bbd0a7185e7d308a Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRI/A/AAoJEPefwLHPlZEwDp4QAKz9nfo397KaudpFDey26bsb GNR8HQ3Z5Ln0ArgwBcc2XabzIYXsjmY7nPdZgq1m0sWgFGWtfQ7qslRooUyNLOsB WUddu+hQYvPn3CJOZsaPfTA2mfK6Qk9LeyqzUUkZrRNltHnIFMO7uXLEIdrFdnnx exFMPjbIq+xM5UZgvd/2grtF4DaZHnbcK+t/tDwH09/hGRQ+l+3a/3FB2S1Av85c FSuiieyrz2NNnDwFCj5NeSFQuK7hr52TiSOEPYI2eiTepyBHrUy03wAe8uwIzQII RjkY3Nbc8AZt0Q6lq5TgsQbH+vrwVE07nty36uMKmE2vJXyOAIZjfrrwv9SetLwd QnU5NYMbeHAHmSN5JQfuvDxEfL15/7Jafw2noJGotdrMzs6XQACFIHKqLORdwNkp sltj3LwykpcyoCR8Dq7NPafqhp2wySaHX8DFSohcq1aa1w+SLDgPCZUAzknwokCL f/hVQzP6hD0uHP/2jsLjh5g6TgHmCRdR+CKCs7QZaYAUketelRX9YOcgcXzqf5sy EcbDvJ+rd3KsQ9gIByGwVhHD87NSZDJAyG0ROjMMS9w/7l7nhGxedzGzlyK3oNl/ VpewgZ8FpUrvY80HOPz5XyFmX+HQoSnJ8er6OI5AvHBPn+Z1yHDLS5zpLeDD/wO9 rmbzMJjZUnlCDXoLEVQ9 =qlVo -----END PGP SIGNATURE----- . References: CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0169, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, CVE-2013-1489, CVE-2013-1493 SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.04 and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-1541 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3213 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3342 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0169 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2013-0351 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-0409 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0419 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0423 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0424 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0425 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0426 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0427 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0428 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0429 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0431 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-0433 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-0434 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0435 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0437 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0438 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-0440 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0441 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0442 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0443 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2013-0444 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-0445 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0446 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-0450 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-0809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1473 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-1475 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1476 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1478 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1480 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1484 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1485 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-1486 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1487 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1489 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-1493 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/java HP-UX B.11.23, B.11.31 JDK and JRE v7.0.05 or subsequent MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.05 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.04.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 25 March 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-1724-1 February 14, 2013 openjdk-6, openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-7: Open Source Java implementation - openjdk-6: Open Source Java implementation Details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480) Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. (CVE-2013-0409, CVE-2013-0434, CVE-2013-0438) Several data integrity vulnerabilities were discovered in the OpenJDK JRE. (CVE-2013-0424, CVE-2013-0427, CVE-2013-0433, CVE-2013-1473) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0432, CVE-2013-0435, CVE-2013-0443) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2013-0440) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. (CVE-2013-0444) A data integrity vulnerability was discovered in the OpenJDK JRE. (CVE-2013-0448) An information disclosure vulnerability was discovered in the OpenJDK JRE. (CVE-2013-0449) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. (CVE-2013-1481) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-jamvm 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-headless 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-lib 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-zero 7u13-2.3.6-0ubuntu0.12.10.1 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.12.04.2 icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.12.04.2 Ubuntu 11.10: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.11.10.2 icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.11.10.2 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.10.04.2 This update uses a new upstream release which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422). Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444). Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges (CVE-2013-1478, CVE-2013-1480). A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions (CVE-2013-0432). The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted (CVE-2013-0435). Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434). It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack (CVE-2013-0424). It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake (CVE-2013-0440). It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack (CVE-2013-0443). Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-1486, CVE-2013-1484). An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485). It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle (CVE-2013-0169). An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-0809). It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-1493). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <securitymandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZQ6mmqjQ0CJFipgRArrgAKCPZMbOA1UtXaG4tQd9CKEggT1x/gCfYfXv 8XJUrvALufbbaHuyChk9zik= =TGuI -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:010 http://www.mandriva.com/security/ _______________________________________________________________________ Package : java-1.6.0-openjdk Date : February 11, 2013 Affected: 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple security issues were identified and fixed in OpenJDK (icedtea6): * S6563318, CVE-2013-0424: RMI data sanitization * S6664509, CVE-2013-0425: Add logging context * S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time * S6776941: CVE-2013-0427: Improve thread pool shutdown * S7141694, CVE-2013-0429: Improving CORBA internals * S7173145: Improve in-memory representation of splashscreens * S7186945: Unpack200 improvement * S7186946: Refine unpacker resource usage * S7186948: Improve Swing data validation * S7186952, CVE-2013-0432: Improve clipboard access * S7186954: Improve connection performance * S7186957: Improve Pack200 data validation * S7192392, CVE-2013-0443: Better validation of client keys * S7192393, CVE-2013-0440: Better Checking of order of TLS Messages * S7192977, CVE-2013-0442: Issue in toolkit thread * S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies * S7200491: Tighten up JTable layout code * S7200500: Launcher better input validation * S7201064: Better dialogue checking * S7201066, CVE-2013-0441: Change modifiers on unused fields * S7201068, CVE-2013-0435: Better handling of UI elements * S7201070: Serialization to conform to protocol * S7201071, CVE-2013-0433: InetSocketAddress serialization issue * S8000210: Improve JarFile code quality * S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class * S8000540, CVE-2013-1475: Improve IIOP type reuse management * S8000631, CVE-2013-1476: Restrict access to class constructor * S8001235, CVE-2013-0434: Improve JAXP HTTP handling * S8001242: Improve RMI HTTP conformance * S8001307: Modify ACC_SUPER behavior * S8001972, CVE-2013-1478: Improve image processing * S8002325, CVE-2013-1480: Improve management of images * Backports * S7010849: 5/5 Extraneous javac source/target options when building sa-jdi The updated packages provides icedtea6-1.11.6 which is not vulnerable to these issues. Download and install the updates from The HP Software Support Online (SSO). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2013:0237-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0237.html Issue date: 2013-02-04 CVE Names: CVE-2012-1541 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0430 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0437 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0446 CVE-2013-0448 CVE-2013-0449 CVE-2013-0450 CVE-2013-1473 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1479 CVE-2013-1480 CVE-2013-1489 ===================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1489) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 13 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50) 906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52) 906449 - CVE-2013-1489 Oracle JDK 7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53) 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906930 - CVE-2013-0430 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install) 906932 - CVE-2013-0449 Oracle JDK: unspecified vulnerability fixed in 7u13 (Deployment) 906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906934 - CVE-2013-0448 Oracle JDK: unspecified vulnerability fixed in 7u13 (Libraries) 906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 907190 - CVE-2013-1479 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JavaFX) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907222 - CVE-2013-0437 Oracle JDK: unspecified vulnerability fixed in 7u13 (2D) 907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting) 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066) 907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1541.html https://www.redhat.com/security/data/cve/CVE-2012-3213.html https://www.redhat.com/security/data/cve/CVE-2012-3342.html https://www.redhat.com/security/data/cve/CVE-2013-0351.html https://www.redhat.com/security/data/cve/CVE-2013-0409.html https://www.redhat.com/security/data/cve/CVE-2013-0419.html https://www.redhat.com/security/data/cve/CVE-2013-0423.html https://www.redhat.com/security/data/cve/CVE-2013-0424.html https://www.redhat.com/security/data/cve/CVE-2013-0425.html https://www.redhat.com/security/data/cve/CVE-2013-0426.html https://www.redhat.com/security/data/cve/CVE-2013-0427.html https://www.redhat.com/security/data/cve/CVE-2013-0428.html https://www.redhat.com/security/data/cve/CVE-2013-0429.html https://www.redhat.com/security/data/cve/CVE-2013-0430.html https://www.redhat.com/security/data/cve/CVE-2013-0431.html https://www.redhat.com/security/data/cve/CVE-2013-0432.html https://www.redhat.com/security/data/cve/CVE-2013-0433.html https://www.redhat.com/security/data/cve/CVE-2013-0434.html https://www.redhat.com/security/data/cve/CVE-2013-0435.html https://www.redhat.com/security/data/cve/CVE-2013-0437.html https://www.redhat.com/security/data/cve/CVE-2013-0438.html https://www.redhat.com/security/data/cve/CVE-2013-0440.html https://www.redhat.com/security/data/cve/CVE-2013-0441.html https://www.redhat.com/security/data/cve/CVE-2013-0442.html https://www.redhat.com/security/data/cve/CVE-2013-0443.html https://www.redhat.com/security/data/cve/CVE-2013-0444.html https://www.redhat.com/security/data/cve/CVE-2013-0445.html https://www.redhat.com/security/data/cve/CVE-2013-0446.html https://www.redhat.com/security/data/cve/CVE-2013-0448.html https://www.redhat.com/security/data/cve/CVE-2013-0449.html https://www.redhat.com/security/data/cve/CVE-2013-0450.html https://www.redhat.com/security/data/cve/CVE-2013-1473.html https://www.redhat.com/security/data/cve/CVE-2013-1475.html https://www.redhat.com/security/data/cve/CVE-2013-1476.html https://www.redhat.com/security/data/cve/CVE-2013-1478.html https://www.redhat.com/security/data/cve/CVE-2013-1479.html https://www.redhat.com/security/data/cve/CVE-2013-1480.html https://www.redhat.com/security/data/cve/CVE-2013-1489.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFREE70XlSAg2UNWIIRAl0aAJ9geHwpDX2Kb2LdBP3WSQxnPNr97gCgmyRY c2rbNUSIrrFwoG5d602o5QY= =Kt+4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
var-202005-1028	A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks. ========================================================================= Ubuntu Security Notice USN-4365-2 May 20, 2020 bind9 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: bind9 1:9.9.5.dfsg-3ubuntu0.19+esm2 Ubuntu 12.04 ESM: bind9 1:9.8.1.dfsg.P1-4ubuntu0.30 In general, a standard system update will make all the necessary changes. 6.6) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2020:3433-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3433 Issue date: 2020-08-12 CVE Names: CVE-2020-8616 CVE-2020-8617 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals 1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: bind-9.9.4-51.el7_4.4.src.rpm noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: bind-9.9.4-51.el7_4.4.src.rpm noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm ppc64le: bind-9.9.4-51.el7_4.4.ppc64le.rpm bind-chroot-9.9.4-51.el7_4.4.ppc64le.rpm bind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm bind-libs-9.9.4-51.el7_4.4.ppc64le.rpm bind-libs-lite-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.ppc64le.rpm bind-utils-9.9.4-51.el7_4.4.ppc64le.rpm x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: bind-9.9.4-51.el7_4.4.src.rpm noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: bind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm bind-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-lite-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-sdb-9.9.4-51.el7_4.4.ppc64le.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.ppc64le.rpm x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/cve/CVE-2020-8617 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzPV8dzjgjWX9erEAQgCUA//dmZr/zZbkimNYOaBBZ00RvF26rGRA7yV yVgYREXrAF1lgd78GDJ7rL0Y1r7rIursw/la069kK4F8efbSG4o8b4VUtC85+E+Q O6crm0Dm17ns4a5ix97uliNk+H9tyjKPVW4aQFJujhSD+Dx5y9bOByfv8HFI4oh3 tCWmgFoPjcEpWMuIGR1saqrbFWN1Ukz3867jCLaWUr8b4A7XxngDPwd7qtceLpSW jYt5OaTIhOV3kjICJ5jY69S1D5Ab17/ObGfaq8nOJcRin+XvZgcfgWt00QI+mYkA ex63m8aGGE3o32MCS/6wsGY/4vP8U7XNe19f9JQTG8ZA4S/PdUJW7y5oRFEWgHg7 HtveWp+EkGyOB1HU7dRVVBP1lhMaWlz55WjhBoNc6xjV7Zi3IU/W1O85AOL8VtxX XzI6Gk+FWFOgocfLh7DexFOj+4iCtX7Ew3862PPwME1bXh4ijlKgkYvcotJCLCL6 IQGGLWIjIT8BBr1avjTBn998XBx3UxFzyo4QyQRB38fzKaYRXbMPXNWSmlq1CtA3 U0m5D2TVZGgVEH7/jlWHWzhNpO1TfhHEyyIDHWBpobATTVvToHeCdcQsDbZpuT3/ 8jdswGAx+PKQJI4Q4sPzsfXrXbUew/aS2kybTrkKVuGntIvY0C1EcLYZjbNHEKcG e/FXzzEtVBw\xd4RR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution: For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for release 4.3.25, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information 5. CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u6. For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u1. We recommend that you upgrade your bind9 packages. For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39 tMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF lOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR inKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s kUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp HokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV ssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF Rx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/ FK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o ye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp WIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs= =SqNI -----END PGP SIGNATURE-----
var-201705-3873	In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. Open vSwitch (OvS) Contains an integer underflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Open vSwitch is prone to a remote integer-underflow vulnerability because they fail to sufficiently validate an integer value. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploits may result in denial-of-service conditions. Open vSwitch 2.7.0 is vulnerable; other versions may also be affected. Open vSwitch (OVS) is a multi-layer virtual switch product based on open source technology (following the Apache2.0 license). It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. There is an integer overflow vulnerability in the 'ofputil_pull_queue_get_config_reply10' function of lib/ofp-util.c file in OvS 2.7.0 version. ========================================================================== Ubuntu Security Notice USN-3450-1 October 11, 2017 openvswitch vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Open vSwitch. Software Description: - openvswitch: Ethernet virtual switch Details: Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. (CVE-2017-9214) It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. (CVE-2017-9263) It was discovered that Open vSwitch incorrectly handled certain malformed packets. This issue only affected Ubuntu 17.04. (CVE-2017-9265) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: openvswitch-common 2.6.1-0ubuntu5.1 Ubuntu 16.04 LTS: openvswitch-common 2.5.2-0ubuntu0.16.04.2 In general, a standard system update will make all the necessary changes. 1473735 - ovs-vswitchd crashes with SIGSEGV randomly when adding/removing interfaces 6. X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 03 Aug 2017 12:39:24 +0000 (UTC) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openvswitch security, bug fix, and enhancement update Advisory ID: RHSA-2017:2418-01 Product: Fast Datapath Advisory URL: https://access.redhat.com/errata/RHSA-2017:2418 Issue date: 2017-08-03 CVE Names: CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265 ===================================================================== 1. Summary: An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Channel to provide early releases to layered products - noarch, x86_64 3. Description: Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. The following packages have been upgraded to a later upstream version: openvswitch (2.7.2). An attacker could use this flaw to cause a remote DoS. (CVE-2017-9214) * In Open vSwitch (OvS), while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. (CVE-2017-9263) * A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a Denial of Service (DoS). An attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9265) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Channel to provide early releases to layered products: Source: openvswitch-2.7.2-1.git20170719.el7fdp.src.rpm noarch: openvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm python-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm x86_64: openvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm openvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-9214 https://access.redhat.com/security/cve/CVE-2017-9263 https://access.redhat.com/security/cve/CVE-2017-9264 https://access.redhat.com/security/cve/CVE-2017-9265 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZgxmYXlSAg2UNWIIRAuzuAJ9Dngapo5j66itwFnpsvl92GKMAywCfb2Ah V7og7GgSn4a1oFzQjIZHeXk= =qOi+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
var-200908-0708	Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions. =========================================================== Ubuntu Security Notice USN-813-3 August 08, 2009 apr-util vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libaprutil1 1.2.12+dfsg-3ubuntu0.2 Ubuntu 8.10: libaprutil1 1.2.12+dfsg-7ubuntu0.3 Ubuntu 9.04: libaprutil1 1.2.12+dfsg-8ubuntu0.3 After a standard system upgrade you need to restart any applications using apr-util, such as Subversion and Apache, to effect the necessary changes. Details follow: USN-813-1 fixed vulnerabilities in apr. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.diff.gz Size/MD5: 25223 c491683a8eafa49c7405a3f300e65121 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.dsc Size/MD5: 1324 88ae14ce33166e372cdd6f8bcf613f92 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 133304 e29516cb4b454f1c3cd325e5cbe39cb4 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 129976 8f85bb63ecb4065a80b1b88ba8d76948 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 76016 4e9115941ed9159e504184ca13aa90e4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 126510 2da368c73ee8f98b5dab99e1709f1156 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 119570 3d2ae02052a2b86d26aaf2f33c412a33 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 70528 388a8676998117644995e177f5936bbe lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 128320 dabf57ad0cecb8fcd89fe727ed3dc31b http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 119216 45a38f1b5754562d783f75d24210c74d http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 69700 4da2de6469a2986eaa1a6a83189424ea powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 134052 317a3362a63bac3e6968793b1bae8772 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 130390 6a22f60dd54ebb4905f32c7e25d016a7 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 80238 46514a01aafcaf4c2f9403aecec2ee67 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 120272 ff0c69402549737e9ded54e1f8121183 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 124284 e4f8d6fb63c40e2c7e1f76c17e731ae7 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 71220 c9e3d018c2c90ff0df35076ce9cc61c9 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.diff.gz Size/MD5: 26056 681e0a17fbbc73c4df8039af9c9bf39b http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.dsc Size/MD5: 1632 0b733d35b65cbaa590106f5439a3d60c http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 150926 f84b953448992901f397163370ea50cb http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 136498 5aacc2b07791b3bd829ac7f86acd339c http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 82582 c9026cdd489cd35e370ba77d2340b61a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 144188 37a2d20a24036401f18fda98f305f707 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 124918 ab9e5a80eadcc83a56fa79947bcf50d2 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 75948 f60d59dc4dfae7642759e9e04836a043 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 145568 461f743ee035d1c819e999b7fb285e3d http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 124706 88715c94e75a9208472f89315a43a191 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 75294 75ec0cb0a60394270ed01c624ab2ca45 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 150370 b4ceaab7f90f66cfa7c1f49807392eb3 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 136022 e387a546ebdac695e59c0a9c8e81c317 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 84950 b686d8972716ba63a3d11d814839b9cf sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 135514 9827bf55329a04b17f6a7f84607cf2c2 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 128478 cb3c9c3ed8c65bb4150bb43695c7e100 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 75496 3ea0dff43bb0f651ae0148e448d13ad4 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.diff.gz Size/MD5: 23312 6585617002ebb7d19e1bda7e099ae282 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.dsc Size/MD5: 1630 f7de26eb17fec57fa163e3e4410206ba http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 147492 81a39d8f099e1df7ebe44fe183c4b862 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 133158 b419556248ef642ba39d885977836d21 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 79108 ce8b662218c46553859aa56e62eb7478 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 140628 652b4cebfd41a022bce97331144cb781 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 121362 e7116f8304e07bfe3972909d5d3a2527 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 72564 45123878c4a49deac7b9cd3d2ffc114b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 141900 5ebf828408751090b98f5bcc333091d1 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 121152 7966b64663cdb9f2f356bab6bf5497a1 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 71974 fa4eecc0e9fbde67202a4d6cb23428a4 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 146736 c24f4e72d8d235ee281c73c0f28ed9d4 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 132578 08e7e684493b5be07caf87ee4a72b794 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 81516 ddccbfd2f3c16afab66d3497e16b0a7b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 131528 05cf349f401cadcce9b4f05af60c5a7c http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 124898 d558d40964826c4fd4653c31e1df8225 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 71818 d0edb0876c741dfddbd063d9d84ea10f . This could cause the library to return a memory area which smaller than requested, resulting a heap overflow and possibly arbitrary code execution. For the old stable distribution (etch), this problem has been fixed in version 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of the apr-util package. For the stable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1 of the apr-util package. For the unstable distribution (sid), this problem will be fixed soon. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz Size/MD5 checksum: 643328 a3117be657f99e92316be40add59b9ff http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc Size/MD5 checksum: 1036 9dc256c005a7f544c4d5c410b226fb74 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz Size/MD5 checksum: 26613 021ef3aa5b3a9fc021779a0b6a6a4ec9 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz Size/MD5 checksum: 21651 e090ebfd7174c90bae4e4935a3d3db15 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz Size/MD5 checksum: 1102370 aea926cbe588f844ad9e317157d60175 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc Size/MD5 checksum: 856 89662625fd7a34ceb514087de869d918 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb Size/MD5 checksum: 121726 df1e2d6e8bf9ed485ad417fe274eb0e3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 83690 b5873275f420b15f9868ea0dde699c60 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb Size/MD5 checksum: 371668 4e8bd42151f3cdf8cee91c49599aab42 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 129158 5074639b4b0d9877ff29b96540fdfaec http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb Size/MD5 checksum: 185420 ddf84849ff3bee792dc187c6d21958bd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 148140 079cff06535a7e3f4e9a5d682d80bb1b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 72946 6b11e4b65bdf67981a091177d9644007 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 126156 b420f555d02504e0497a0ba3c27e0cac http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 127742 1606857f3291ccb10e038219f1f2eab3 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb Size/MD5 checksum: 187302 bb1a4aa5768fa012201ad1e72bc27e93 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb Size/MD5 checksum: 348120 b5d6b4e7c628dffe867159b54b6c82f1 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb Size/MD5 checksum: 111664 6b51dc29ea4defa975902d246188086f arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 121504 3ba789c274f2ed7030aa286ea57dbb3d http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb Size/MD5 checksum: 175146 86ff258e9181fa424cb043dc22e2c0e0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 117302 97d701c8f9d6746eb14448bfde8e8588 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb Size/MD5 checksum: 104934 45a976662beb7ec3b15ee7c7a45f3de7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 66110 09c54142359236f50654bd9c7b375781 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb Size/MD5 checksum: 335520 14d06ecfb54247718b780c893df8f4cc hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 126186 9494353aa42e983a245af2890dd2c6d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 78668 60c87b0e86c1ed31deecddd88cdf5fa5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 133918 ae993c733053a326603c5b750505bee9 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 116052 6238f10eb5077bb53b9664b82b985c40 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb Size/MD5 checksum: 338694 262cec472ec3aaeb1b4d38eebaa940c8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 68854 78ab4f6425153d8b746b99842994d555 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb Size/MD5 checksum: 109138 4aa254cacd4e95785ae823cedb1cce2f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 122136 4a16475bb5780625902c79069681ae74 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb Size/MD5 checksum: 180654 481471d06045a2e348b55de6dbdf5f94 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 156562 52761fff3e82e21728e0c6a79bf4508f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 99446 3ad58d882e434e39be525e7aa41d9e93 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb Size/MD5 checksum: 141894 5b7351a6b4c3765e3d76b9d22e04cf0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 118716 8c73712293cd4d9a5935aefd18a3e4c9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb Size/MD5 checksum: 171514 f474001e4f852a44af517b5d6f737a65 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb Size/MD5 checksum: 385514 76d0bbda16c749f6a5b40fd6297a180a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb Size/MD5 checksum: 188816 de1ecb467042d2c1891cc1d2f5db83d9 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130394 fc34d9b137c080b63374d809c1d6bf8b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130492 4d7cdffabbef214eeea0c02a346d0eb8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 70776 6fe66f5cb81c2a3af2fa0cd64a85cfd8 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb Size/MD5 checksum: 357368 aab08f1596aead97cc48924ebf99c80e http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb Size/MD5 checksum: 112644 9c6d720999259453daaa13e8ec3c8336 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb Size/MD5 checksum: 186464 5b2392a143ff8a173a771b819377ab47 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 128052 02e3c278190e92d7131c275aab5f5c44 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb Size/MD5 checksum: 358010 480087a77642a8ff99a32bb323b62600 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 130712 50da703a75deb2ba87d4be171e80bd5b http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb Size/MD5 checksum: 113352 d363370bcba834268202db5271b20aa3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 70794 1f57c4362c286bd0d2df40d775690612 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 125106 92d5d46effd18aaa8e849254d9da8acd http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb Size/MD5 checksum: 348504 2f4f96652c28e3f5f1cfae8e5265ec83 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 130380 dacdce767bcff6b0ecbe66add6838e8b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb Size/MD5 checksum: 189780 ae1e23e3080fbfe3ba26b8acf9561d6c http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb Size/MD5 checksum: 113956 1e2ba4da9ee0775325b351887c182f52 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 72472 3a47c9eca3ec7b6f4e87609b3aca7f65 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 124802 cdd46922b57a51fedb25ae401d8dc753 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb Size/MD5 checksum: 121978 71edc1d101933b1a43a9c395427a4aed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 128570 f0f7d5dfecb61c6212e0803a325e8a01 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb Size/MD5 checksum: 186320 cca313c55848e6161810ff16fb71390f http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb Size/MD5 checksum: 349848 b9cbaa0a70b9bfa28d74ac4a6e107428 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 76668 f6b5e093ae1c3c5d4442e223115052de sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb Size/MD5 checksum: 338056 ab06437e18c1cc36dab35779cc4102d8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb Size/MD5 checksum: 103200 1c6f94d15f4e3052e9ed80fc232f96b5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117840 5f0671d301a9e2ea8020d0dcaa71a42b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 66374 668815a44c99c366ae8e3f624613932e http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb Size/MD5 checksum: 167962 f338f71eeb38be58c67d1ac0fd92d1ff http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117510 63dd9c471f24472eb46a5fd9dcb92077 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5 checksum: 1127522 020ea947446dca2d1210c099c7a4c837 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz Size/MD5 checksum: 12398 b407ff7dac7363278f4f060e121aa611 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5 checksum: 658687 4ef3e41037fe0cdd3a0d107335a008eb http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc Size/MD5 checksum: 1530 dccceaa89d58074be3b7b7738a99756b http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz Size/MD5 checksum: 23138 a2222477de9ad92015416542a2c250ed http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc Size/MD5 checksum: 1284 4330306f892fd7c0950b1ccf2537b38d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 806236 3689d5ee779d3846fe67c9dad2f213dc http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 53204 92bb2e8a7c48e6f8437680e08607a3f7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 147658 edba141e93c382fbf0ab2bbec1dba899 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 158060 b80ad32790c6c8d89f0007a69d9ce0b8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 90740 c715b55d060a2d4e8d7684477d0b9014 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 121774 565a4fdd123d04698907456e40d4df0b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 54232 3f23cc38f68bbf926b801b82b3fea917 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 80046 f6158018f26ddd6369687b8f9f64aa75 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 114326 851cc08504589c09f08ec9e6efa52ef1 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 147928 136a5a5c0d558d8f252d1ed44efed217 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 133850 6b71ac477650c688863ef33fc58216a0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 825740 bf80dbc726c5b691b023e96e463ba88c arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 818438 8e6c8a9964650a793e4a0e5ec51a8619 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 54912 a853d8175d2bee56c6f37aada02fc2ca http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 107790 85e0815ff8f340d99052a9c9f604cccd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 71112 20a4c9fd130c188166c0ebc6ceff5fcf http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 138982 c84f95cff9713ed403fae7b712456ade http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 124090 c4fc3663255a416725a69818e3523731 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 109676 e26ebffcc101ffc87963c9a65b3543f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 124626 4c34337eb3d1d55900a067f2c8412abc http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 821990 19c68f5f904bb3bbdfd44349f8544e83 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 55820 f39b0928bc4b91fb60bd6259c6ae6e02 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 70086 1d3032e0879ed1ea6fa2f04c34af1782 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 139434 e802e42577998c62fadfc335edb3b81a hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 83668 3c8893214d7375303eaf1eec6e27212b http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 827762 2fd0d8dd54c92c828e42100bb8816b00 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 142916 14e1e2f8fa50b0eb1772f1e4bbc26e50 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 140872 7fef63f2cd282e44c51b5e69d94d8706 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 113954 926b8c39fee1787a94b3d6cc1c6d420b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 54332 18751dc2275828a126b2dbe568678f32 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 73814 2ef03972ed5b2232fe5782c4960bc362 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 54582 edc98ca59cebd14195602929def1da31 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 141438 5a54e1cac30640ca5e9922586d9983a8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 108882 075f37cd43e483d27ff0b94ad01f2d08 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 121138 fc2411e049936d12702713c82377c9e5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 809460 a5648e0404f1cb4244c156cf85bfe0f5 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 135404 8f7a4964b22e5e9e5297380c15d8818d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 170110 412b51e1e3c1ed4e309459dd17844e68 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 154362 2fc1441f28ef4f90446464627c8ef36d http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 837496 6862607faf59e42525f5205d8a967818 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 111140 12f0bf9e6264cc9c170c2b8365428cc0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 53428 a6a55d644fb58a0f7ea6a9b509cb71d0 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 110932 feb666e4f402bcb1954bc194c37496d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 147482 e2508cc75520518ccbe4c3a5cf0cc50c http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 56582 5134a012017e629239cc543fedf4edf3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 74584 2fbb1b76079126fd701f32e45a9cf7f0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 792650 126585d9fe0def77f7632f9d098eb11d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 136438 ae62dc1d5a32fac11615f4b67cfa4a6b mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 56414 ecca7e3643ccb91fc962b886bdddbc0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 136390 d45f956c14ea9fe22b77bce3810c32b7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 144740 05411f88615592531468cdd89bb4b5d0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 74366 a15e15331a62f33d33481b7e53f07b48 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 792762 dc1e4748e106c82e9f8bf6c3ecce4a38 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 110974 a5dd28b5c9b3106da8e4c81abea6777d powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 82512 f8a18fb94a4ef3cabec01c288a26eef5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 55708 555d64273f15c6ebd503b7cb84f0fb29 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 132338 66e77820b5b9d2a05d6df5c4ec2c76b0 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 116238 1a291989c32ea21ac8eef9ca51831fc5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 147180 cc9f274b349dbbb9ce9b69b0d0edf493 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 821948 fc3acf3dec16223caf6f932e8b7c0c01 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 126058 474bddd0f3c5a69cc21fc2d403fe90f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 148614 89cc7bb2619f28e5e6e9d0042050a924 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 133044 fb35625937e6fae551d97df283a32dd9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 787872 2dc32425bfbd17b841218064599d80ed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 85496 c41f2fdebd22ec066815211768dcdc3a http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 54414 c36fa2538d8077a8ef09842e07bd989a sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 814624 613a70f3443404f5939e91e229d01d25 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 54370 4c12839718c73a2b96b607d77fcbc583 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 131706 5c2ad3da38aaaab8ac2c14656602c532 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 108712 c1f66be9c2daa447d5bfbd1f7639aada http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 72738 ec558ed4277ca676f07e3181ffad0335 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 124976 22385c13d934c3877ce2f9eeaa4584e3 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKfcqtAAoJEL97/wQC1SS+6T4IAJxpIZ7AUOwmDtuOk/WQzlzv U1nz6YhC9nhf/QdjbmAe0+ClaGwP5FZOacfEK6t64DBJ/81qgLtHlh6hlbm2+9wD vIddGlXmdKjEcHXVbt5rwEoc9pk6ma954Fziu2yUVxhP40SBLWlfEQ5w1LxjNHAI UKokX2+4C3Lk+6hJd8AqnvyfqP8h990HzFqT11hh8OlKVrvHmAiZWbSMmLvkKsPf F5mNDGVKluNfpAhwo6eLN2ayRDEKAeuejF2jQtb/MXQN3kJpPri2JhalhMra371l RmpmVNUOtKKJz/3gHSLjQNh6D5G4kj/I9RcHFA68Pv14kXh0xgtQlKGGLaPo/3M= =704P -----END PGP SIGNATURE----- . This update provides fixes for these vulnerabilities. Update: apr-util packages were missing for Mandriva Enterprise Server 5 i586, this has been adressed with this update. (CVE-2009-0023). The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955). Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d55d5dd456de0c7977f93bff217406d7 2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm bd02eb2233dcc07aadd7e5eb84df9ce8 2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm 334e127fb8ac03379c8a5f2ee7c144b6 2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm 4307983fb3d21ab0f9955711e116f92e 2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm ff24f1e1587f2210346ea134d4a2053e 2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm 3d50a85109e011ced9e36f1565e9bc69 2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm b786e2329fc63d459b841bf001261543 2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 91588bbcf3940cd106b0fe458be6d4b9 2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm b71d8b14cc536cf8a2448b353d2b4047 2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm 10b889bb625dbae01711ed7e8e101744 2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm 068334fc392c68f9b29e629dd3776f83 2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm a9ed011d8b421e8604e66a87a4972477 2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm c08da53c4c88464249f46c6577f3c2a8 2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm 4b1b86a3e07f4b87a1a53f0dbaaa3aff 2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <securitymandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy wuYdtSQeV/bOOP7w17qo2V0= =V8dA -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Subversion clients and servers, versions 1.6.0 - 1.6.3 and all versions < 1.5.7, are vulnerable to several heap overflow problems which may lead to remote code execution. The official advisory (mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt) follows: Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas. Summary: ======== Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update. This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear). Known vulnerable: ================= Subversion clients and servers <= 1.5.6. Subversion clients and servers 1.6.0 through 1.6.3 (inclusive). Known fixed: ============ Subversion 1.6.4 Subversion 1.5.7 (Search for "Patch" below to see the patches from 1.6.3 -> 1.6.4 and 1.5.6 -> 1.5.7. Search for "Recommendations" to get URLs for the 1.6.4 release and associated APR library patch.) Details: ======== The libsvn_delta library does not contain sufficient input validation of svndiff streams. If a stream with large windows is processed, one of several integer overflows may lead to some boundary checks incorrectly passing, which in turn can lead to a heap overflow. Severity: ========= A remote attacker with commit access to repository may be able to execute code on a Subversion server. A malicious server may be able to execute code on a Subversion client. Recommendations: ================ We recommend all users to upgrade to Subversion 1.6.4. We recommend all users to upgrade to the latest versions of APR and APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR installation from <http://www.apache.org/dist/apr/patches/>. New Subversion packages can be found at: http://subversion.tigris.org/project_packages.html References: =========== CVE-2009-2411 (Subversion) CVE-2009-2412 (APR) Reported by: ============ Matt Lewis, Google. Patches: ======== This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile): [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38519) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -60,10 +60,23 @@ struct encoder_baton { apr_pool_t pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -85,7 +98,7 @@ encode_int(char p, svn_filesize_t val) svn_filesize_t v; unsigned char cont; - assert(val >= 0); + SVN_ERR_ASSERT_NO_RETURN(val >= 0); / Figure out how many bytes we'll need. / v = val >> 7; @@ -96,6 +109,8 @@ encode_int(char p, svn_filesize_t val) n++; } + SVN_ERR_ASSERT_NO_RETURN(n <= MAX_ENCODED_INT_LEN); + /* Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -112,7 +127,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) { - char buf[128], p; + char buf[MAX_ENCODED_INT_LEN], p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t op; apr_size_t len; @@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -365,6 +382,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -382,7 +401,7 @@ decode_size(apr_size_t val, data is not compressed. / static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -390,6 +409,13 @@ static svn_error_t /* First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -487,10 +513,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -499,7 +525,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset \|\| + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t window, svn_fi instin = svn_stringbuf_ncreate((const char )data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char )insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char )instout->data; @@ -685,6 +712,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE \|\| + sview_len > SVN_DELTA_WINDOW_SIZE \|\| + /* for svndiff1, newlen includes the original length / + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN \|\| + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 \|\| inslen + newlen < inslen \|\| sview_len + tview_len < sview_len @@ -841,6 +876,14 @@ read_window_header(svn_stream_t stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (tview_len > SVN_DELTA_WINDOW_SIZE \|\| + sview_len > SVN_DELTA_WINDOW_SIZE \|\| + /* for svndiff1, newlen includes the original length / + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN \|\| + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 \|\| inslen + newlen < inslen \|\| sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38519) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. / / Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t size_buffer(char *buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -557,8 +557,11 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(buf_size) >= buf_size); buf = apr_palloc(pool, buf_size); } + + return SVN_NO_ERROR; } @@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); / Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t window, void b char old_sbuf = ab->sbuf; /* Make sure there's enough room. / - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); / If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. / ]]] This patch applies to Subversion 1.5.x: [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38498) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -55,10 +55,23 @@ struct encoder_baton { apr_pool_t pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -91,6 +104,8 @@ encode_int(char p, svn_filesize_t val) n++; } + assert(n <= MAX_ENCODED_INT_LEN); + / Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -107,7 +122,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) { - char buf[128], p; + char buf[MAX_ENCODED_INT_LEN], p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t op; apr_size_t len; @@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -360,6 +377,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -377,7 +396,7 @@ decode_size(apr_size_t val, data is not compressed. / static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -385,6 +404,13 @@ static svn_error_t /* First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -482,10 +508,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -494,7 +520,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset \|\| + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t window, svn_fi instin = svn_stringbuf_ncreate((const char )data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char )insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char )instout->data; @@ -680,6 +707,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE \|\| + sview_len > SVN_DELTA_WINDOW_SIZE \|\| + /* for svndiff1, newlen includes the original length / + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN \|\| + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 \|\| inslen + newlen < inslen \|\| sview_len + tview_len < sview_len @@ -836,6 +871,14 @@ read_window_header(svn_stream_t stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (tview_len > SVN_DELTA_WINDOW_SIZE \|\| + sview_len > SVN_DELTA_WINDOW_SIZE \|\| + /* for svndiff1, newlen includes the original length / + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN \|\| + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 \|\| inslen + newlen < inslen \|\| sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38498) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. / / Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t size_buffer(char *buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -507,8 +507,13 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + if (APR_ALIGN_DEFAULT(buf_size) < buf_size) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL, + "Diff stream resulted in invalid buffer size."); buf = apr_palloc(pool, buf_size); } + + return SVN_NO_ERROR; } @@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); / Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t window, void b char old_sbuf = ab->sbuf; /* Make sure there's enough room. / - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); / If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. */ ]]] . The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and databases connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/apr < 1.3.8 >= 1.3.8 2 dev-libs/apr-util < 1.3.9 >= 1.3.9 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks. Impact ====== A remote attacker could entice a user to connect to a malicious server with software that uses the APR or act as a malicious client to a server that uses the APR (such as Subversion or Apache servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Portable Runtime users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8 All APR Utility Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9 References ========== [ 1 ] CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200909-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-202202-0081	In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Expat is a C library for parsing XML documents. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) Bug fix: * RHACM 2.3.8 images (Bugzilla #2062316) 3. Bugs fixed (https://bugzilla.redhat.com/): 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2022:0847-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0847 Issue date: 2022-03-14 CVE Names: CVE-2022-0566 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix(es): * Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) * Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * Mozilla: Use-after-free in text reflows (CVE-2022-26381) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383) * Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384) * Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387) * thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566) * Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2055591 - CVE-2022-0566 thunderbird: Crafted email could trigger an out-of-bounds write 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.1): Source: thunderbird-91.7.0-2.el8_1.src.rpm ppc64le: thunderbird-91.7.0-2.el8_1.ppc64le.rpm thunderbird-debuginfo-91.7.0-2.el8_1.ppc64le.rpm thunderbird-debugsource-91.7.0-2.el8_1.ppc64le.rpm x86_64: thunderbird-91.7.0-2.el8_1.x86_64.rpm thunderbird-debuginfo-91.7.0-2.el8_1.x86_64.rpm thunderbird-debugsource-91.7.0-2.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-0566 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYi9axtzjgjWX9erEAQjBWhAAoW1sqYEgv/7lVMSYWJFQYqwX/gdmjLo5 LhHbhCw0HqLBm+O9rWfHKX7E1uZ75ah9dRBQyL9pLilKLOCZ96PO3HikkxU8gLnC ErkLnxYqhMVI/tLBSX7kMXCM6K7WibvtlUNBfp6JwiStmT38gqSbDmtvRMJLQj8w JgeZ9NmwWnNKkRdIeQr6SbEs2Tu6PXDuuej77lgI4HTJzEu4fTLCkUyt0nDXzJ2T gZl4madxbzY//TfYDUOXAIVv52jYWTDRjL0hFIz988ZDC5S8EkPMWFUZeBn573P+ 3XU/ArRZnApVvo63Md6MXz/YjfQSP5v+9cK8fJ4VgMLUmf522UenG1lpwcqCu9MY 9jCFjWhOaieMKqZ+ya2HrjcqQkzD9JJsH7xDAy8fm76bi/ZwYrjN6X6HRSeztXgu knOIJ8EJVRR0/Kl9txHNTi1ZjQA7bRX6/NeFwWHZ1lglsiZwgpouXE5S4dOQwGJe ewr0WlDP/e13OncuoY4SJ+IRiVOrNWFRJ+nxtyCsYvACUMFrqWD1Om7SXUPRliqv /DIEpByu5HgwWHJ78ecOgRZDXUv8B6EMo8gO8U4AYAIdDaHUsevXWl8fXW2LIPio 2Yc7Wq5IXqv/fYJgbRVmvzuMMMMt3VwHad+VkBAe+OngrFAIBIMC8tq2WibtHnTx JyHykUrqXl0= =5MTi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Summary: The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page 5. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically
var-201306-0225	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. Oracle Java SE is prone to a local vulnerability in Java Runtime Environment. This issue affects the '2D' sub-component. This vulnerability affects the following supported versions: 7 Update 21 , 6 Update 45 , 5.0 Update 45. For the oldstable distribution (squeeze), these problems have been fixed in version 6b27-1.12.6-1~deb6u1. For the stable distribution (wheezy), these problems have been fixed in version 6b27-1.12.6-1~deb7u1. For the unstable distribution (sid), these problems have been fixed in version 6b27-1.12.6-1. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:0957-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0957.html Issue date: 2013-06-19 CVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469) Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459) Multiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458, CVE-2013-2457, CVE-2013-2453, CVE-2013-2460) Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446) It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. (CVE-2013-2445) It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450) It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461) It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. (CVE-2013-2412) It was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information. (CVE-2013-2449) It was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571) It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500) Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. After installing this update, users of icedtea-web must install RHBA-2013:0959 for icedtea-web to continue functioning. This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to the NEWS file, linked to in the References, for further information. 4. Solution: All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243) 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438) 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597) 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601) 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071) 975122 - CVE-2013-2460 OpenJDK: tracing insufficient access checks (Serviceability, 8010209) 975124 - CVE-2013-2445 OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805) 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328) 975126 - CVE-2013-2461 OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281) 975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) 975130 - CVE-2013-2458 OpenJDK: Method handles (Libraries, 8009424) 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038) 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642) 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120) 975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124) 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330) 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs(Libraries, 8001033) 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812) 975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318) 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) 975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703) 975145 - CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check(Libraries, 8004288) 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.25-2.3.10.3.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1500.html https://www.redhat.com/security/data/cve/CVE-2013-1571.html https://www.redhat.com/security/data/cve/CVE-2013-2407.html https://www.redhat.com/security/data/cve/CVE-2013-2412.html https://www.redhat.com/security/data/cve/CVE-2013-2443.html https://www.redhat.com/security/data/cve/CVE-2013-2444.html https://www.redhat.com/security/data/cve/CVE-2013-2445.html https://www.redhat.com/security/data/cve/CVE-2013-2446.html https://www.redhat.com/security/data/cve/CVE-2013-2447.html https://www.redhat.com/security/data/cve/CVE-2013-2448.html https://www.redhat.com/security/data/cve/CVE-2013-2449.html https://www.redhat.com/security/data/cve/CVE-2013-2450.html https://www.redhat.com/security/data/cve/CVE-2013-2452.html https://www.redhat.com/security/data/cve/CVE-2013-2453.html https://www.redhat.com/security/data/cve/CVE-2013-2454.html https://www.redhat.com/security/data/cve/CVE-2013-2455.html https://www.redhat.com/security/data/cve/CVE-2013-2456.html https://www.redhat.com/security/data/cve/CVE-2013-2457.html https://www.redhat.com/security/data/cve/CVE-2013-2458.html https://www.redhat.com/security/data/cve/CVE-2013-2459.html https://www.redhat.com/security/data/cve/CVE-2013-2460.html https://www.redhat.com/security/data/cve/CVE-2013-2461.html https://www.redhat.com/security/data/cve/CVE-2013-2463.html https://www.redhat.com/security/data/cve/CVE-2013-2465.html https://www.redhat.com/security/data/cve/CVE-2013-2469.html https://www.redhat.com/security/data/cve/CVE-2013-2470.html https://www.redhat.com/security/data/cve/CVE-2013-2471.html https://www.redhat.com/security/data/cve/CVE-2013-2472.html https://www.redhat.com/security/data/cve/CVE-2013-2473.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS https://rhn.redhat.com/errata/RHBA-2013-0959.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRwkhZXlSAg2UNWIIRAq8SAJ9tsW9PY39Aa6lmSLhOhlUi8hrnugCePCKO NAdLLpJKlVulPXKONu/CudU= =+H1U -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
var-201006-0051	Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. CUPS is prone to a cross-site request-forgery vulnerability. This issue affects the CUPS web interface component. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application. NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2176-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 02, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cups Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941 Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9. The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release. We recommend that you upgrade your cups packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1tgPIACgkQXm3vHE4uyloDXQCgxy/m5yHvjnIopjEdPcmdzIW5 HaAAn1r6v/N27Y5g5O4vudCQgLt7uBPx =j7wC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors (CVE-2010-1748). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: f659df34ee2b206427a38cefbca99cc2 2009.0/i586/cups-1.3.10-0.4mdv2009.0.i586.rpm 1b92d2762a23b983f0da6ed527c9cee8 2009.0/i586/cups-common-1.3.10-0.4mdv2009.0.i586.rpm a0719dfedbcce4ca02b8f1d69250c67b 2009.0/i586/cups-serial-1.3.10-0.4mdv2009.0.i586.rpm 130c8d5b44e513e52d6d40fc22974139 2009.0/i586/libcups2-1.3.10-0.4mdv2009.0.i586.rpm 06d0f7f3754246e67ff100ee3e15a6c2 2009.0/i586/libcups2-devel-1.3.10-0.4mdv2009.0.i586.rpm 7179976e3a7490deced5374723453065 2009.0/i586/php-cups-1.3.10-0.4mdv2009.0.i586.rpm d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 109c1f41b21fbb8e2c97aaeafae1340a 2009.0/x86_64/cups-1.3.10-0.4mdv2009.0.x86_64.rpm d0fca9c94c5269fec27a31086c399145 2009.0/x86_64/cups-common-1.3.10-0.4mdv2009.0.x86_64.rpm 4ff96778ae90f228ef99d94487d87f77 2009.0/x86_64/cups-serial-1.3.10-0.4mdv2009.0.x86_64.rpm 3f0127d51b2cdc9bf661e9de91b52f39 2009.0/x86_64/lib64cups2-1.3.10-0.4mdv2009.0.x86_64.rpm 473bdbea1f1379fc46f0523ab5a91e92 2009.0/x86_64/lib64cups2-devel-1.3.10-0.4mdv2009.0.x86_64.rpm 6d720a64deac48ca276266bb6895f72d 2009.0/x86_64/php-cups-1.3.10-0.4mdv2009.0.x86_64.rpm d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm Mandriva Linux 2010.0: b896bb55528f9b3f7329bdefbd06e907 2010.0/i586/cups-1.4.1-12.2mdv2010.0.i586.rpm 9915c592984b953fc97caeaff6adfd51 2010.0/i586/cups-common-1.4.1-12.2mdv2010.0.i586.rpm 9301ef3c2f510317064d543603ce2093 2010.0/i586/cups-serial-1.4.1-12.2mdv2010.0.i586.rpm 30b760a74bfe1338139c810e727321c0 2010.0/i586/libcups2-1.4.1-12.2mdv2010.0.i586.rpm d6bb4b1902321d01065f5523fe8b8bd1 2010.0/i586/libcups2-devel-1.4.1-12.2mdv2010.0.i586.rpm 1e9b384c4ca7bfdd0a5294662e167cbb 2010.0/i586/php-cups-1.4.1-12.2mdv2010.0.i586.rpm a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: b85a2eb58e0321e8bbe9f0db0b67b270 2010.0/x86_64/cups-1.4.1-12.2mdv2010.0.x86_64.rpm c3e5f2aaab48b3569af9adc0fe066e36 2010.0/x86_64/cups-common-1.4.1-12.2mdv2010.0.x86_64.rpm 8cae31ce49c4d45093a09aab4317c452 2010.0/x86_64/cups-serial-1.4.1-12.2mdv2010.0.x86_64.rpm 330e6c0d2fb1c00c63ac3750b0e3044a 2010.0/x86_64/lib64cups2-1.4.1-12.2mdv2010.0.x86_64.rpm bc7348bba4476c16c35e651b9826431c 2010.0/x86_64/lib64cups2-devel-1.4.1-12.2mdv2010.0.x86_64.rpm cc0081d5748a4e538b1154e110eb74ea 2010.0/x86_64/php-cups-1.4.1-12.2mdv2010.0.x86_64.rpm a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm Mandriva Enterprise Server 5: 27242832f57d843a6e96f7be948060f7 mes5/i586/cups-1.3.10-0.4mdvmes5.1.i586.rpm c68061ebd7157579308ba9e3c0a0e988 mes5/i586/cups-common-1.3.10-0.4mdvmes5.1.i586.rpm 2a06820729e49c98883494971dbd839e mes5/i586/cups-serial-1.3.10-0.4mdvmes5.1.i586.rpm f959dac3e1ce73a9c228a56956f50277 mes5/i586/libcups2-1.3.10-0.4mdvmes5.1.i586.rpm eb7ab898a4c42c095cdd82a12527ce78 mes5/i586/libcups2-devel-1.3.10-0.4mdvmes5.1.i586.rpm 64c94ac46b571cafb1610c49a6134031 mes5/i586/php-cups-1.3.10-0.4mdvmes5.1.i586.rpm e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 992e12cd8507d0d58fb6e72ca402429f mes5/x86_64/cups-1.3.10-0.4mdvmes5.1.x86_64.rpm 4528d0e4dccbc15507e8575c98255711 mes5/x86_64/cups-common-1.3.10-0.4mdvmes5.1.x86_64.rpm 3e840cbe6f1883706c14cbafc838478c mes5/x86_64/cups-serial-1.3.10-0.4mdvmes5.1.x86_64.rpm a8cfe7e9c3e82ae1c61b7da0ba7daf26 mes5/x86_64/lib64cups2-1.3.10-0.4mdvmes5.1.x86_64.rpm b377f64dff30db3b76cd7b651f796783 mes5/x86_64/lib64cups2-devel-1.3.10-0.4mdvmes5.1.x86_64.rpm d2b4d6a768bd6083c970d53744e4aeb1 mes5/x86_64/php-cups-1.3.10-0.4mdvmes5.1.x86_64.rpm e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201207-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: July 09, 2012 Bugs: #295256, #308045, #325551, #380771 ID: 201207-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation. Background ========== CUPS, the Common Unix Printing System, is a full-featured print server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1 Description =========== Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2009-3553 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553 [ 2 ] CVE-2010-0302 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302 [ 3 ] CVE-2010-0393 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393 [ 4 ] CVE-2010-0540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540 [ 5 ] CVE-2010-0542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542 [ 6 ] CVE-2010-1748 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748 [ 7 ] CVE-2010-2431 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431 [ 8 ] CVE-2010-2432 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432 [ 9 ] CVE-2010-2941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941 [ 10 ] CVE-2011-3170 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201207-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-952-1 June 21, 2010 cups, cupsys vulnerabilities CVE-2010-0540, CVE-2010-0542, CVE-2010-1748 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.19 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.11 Ubuntu 9.04: cups 1.3.9-17ubuntu3.9 Ubuntu 9.10: cups 1.4.1-5ubuntu2.6 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.2 In general, a standard system update will make all the necessary changes. (CVE-2010-0540) It was discovered that CUPS did not properly handle memory allocations in the texttops filter. (CVE-2010-1748) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19.diff.gz Size/MD5: 115313 005b2e259ee2bc9aeb334d3b2ca51faa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19.dsc Size/MD5: 1061 177a2f8e4a29a35ea13fd51256f1380f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.19_all.deb Size/MD5: 998 35bdefd4098d83e84274364d62ee78ae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 36246 f780e86740e595dc53b1ed5c75b55c13 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 81834 4085edf21acd7cc603465d9cab24197f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 2297664 891a2b5476e05e98e0b821fad88d0daf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 6096 7f361fac37f34a2560226286e3f59cb4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 78160 7a84d018f2ca5b447dc647034759b0e1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 25738 dad628ebfbdc12b32325657781edd0e4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 131420 8cf624425e00972351b02f37d150916e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 34766 84d90801efca2b0330fccea613ce63de http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 77896 158339fe207b732d69201e75cb0f3381 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 2263760 2eca2208b83d962a5c3c5e1fe6d4275f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 6094 36b6a321662416156d7260007a6ca31a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 77288 ad80ca6edfc486db896d9eb779e0f650 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 25744 1d533c0ab57482330ae306a7891ec6ff http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 123508 83db482d3738e3ffcc3bfbee0cc33721 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 40476 37b383d15aacfd39dae5300cf032bbd1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 89508 0f77ab8e581be995daab715e3dd7abc3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 2310060 47807a4cd2146d7a209a2a189c2b8cb3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 6100 ea6cc5c9d5f9bed2541300fe56597e78 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 79802 b1a45ff6919450143c754a1ff36e9060 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 25742 1f563fdffe4e8bd058bedf9460e88e4c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 129252 330ddedb5d53bae2ba5c7752e18fcfa6 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 35384 8ed75eb174931274c38d13af2fb7c112 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 78676 ddd3a0a2cb9352db14eb335413b08f46 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 2298378 da734c1436bd698bec5f919f75d28ed5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 6096 e1848071c118342cd2c4bb2cb3ca2ce9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 77080 aacd50b0ac685df76f63d312727604d9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 25752 05b0ee318bdfa19b7de919ed6754b410 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 124994 c16e6c9aaca61f227d1c3940d93002da Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11.diff.gz Size/MD5: 152646 c20cc845d61bec4c777a623bdd3a6043 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11.dsc Size/MD5: 1444 f04fc7976a0a92b58e57ff27631efab0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.11_all.deb Size/MD5: 1144560 7b4f2abb608fa6c442994caa8c47e110 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 37526 a9d6ecea3143d1335dc31815cf75dbd5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 90076 042ae92e8d94ae9d2482952b2e99df5a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 1890142 14da569119511e5f51b320cfc79506d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 60796 60488f0471f8c9bc173c03320bb789b2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 50214 47f4d3a00e8f761452a020a09a7384b4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 345354 e963afb3e1275ddf97b68284e40372ea http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 179228 f33a66c1ac3967328f17297b1749b53b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 36950 df31639f3490ff68d09f8029cec8924f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 88546 b9ea8e8c14ed2d0f8ecfe137fdf6454a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 1872422 9b0e8cce7f3ac6f029d1d9722e98a213 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 60092 9e5eb97dd1cebd0229863029e4ca8f78 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 49858 34a9fac10b0722657d2ca8ef56848f8d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 339688 c898e4f9f0dca3101a03dd02111a10f4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 176154 6a9ab1e5e19cadb5c7252502fc027de7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 36672 f41063e4a148dc8899ebef34e6cbfb3c http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 88846 4b68211c70b5bb7e656254da22bbd318 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 1874024 d6476f29b2979d242c8ff37d2241a61b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 60494 320b2a5fdfebf2c40a0710adff97036d http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 50816 3c56d3f411c40dedf3b6436b30b54b9a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 337320 79b5fb2771ca47c968f5abf93b91202c http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 174996 0bcdda8df4f857444adca2943fd3c170 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 46938 ad94ebf4867859a982bb89477eab7ea4 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 110644 a281f4e5aa21d689540f919d5ee3fa5d http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 1958650 0e52cf6cd29c14ff0f2cc3212c552b99 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 59936 4091d328dee9d0deba5661fc5e762f1c http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 54924 4fcf6eb1050a0eeee9854126fee0a79e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 342064 8d4b8d42acc54c66da52949ea44fd553 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 184954 42c1c793307f1cc4d18d522ae80f0270 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 38036 e62ae6e8d6d291f9ed605c555d158718 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 91032 0eeec008bd95aebc2cf01b29dc21c908 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 1907984 55de2e9030db5aa551bce341684870dc http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 57832 b053dd502dd903723e8d6a77ce0b1c2b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 48216 1def563a1d36813e430550ff75cf8d5e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 341820 abc71448985875caa6210132ecf46b93 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 174938 f91384db37267deab1639718fe3b8c34 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9.diff.gz Size/MD5: 347764 2955695161c0ce780898d42714dba9c8 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9.dsc Size/MD5: 1995 00cc768af9e65ccaaed74d7c4352e86d http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-17ubuntu3.9_all.deb Size/MD5: 1165952 144fdfb5ea034f6f0efa02c8d36f5667 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61232 dfdb0322c17e7e1b747ba8f9db12a498 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61240 06126e6e2f7caf9e7fd2f124daf3396c http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61226 808e56e373bc060585483194bcfac4a7 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61230 17df573a12aca59fb662736b11cb5a89 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-17ubuntu3.9_all.deb Size/MD5: 4518 b33fc896433f2122e19187140ff848bf http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61218 521cc3faadf974588bd059da948ffd46 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61230 5d435cb91fe17f9603d67ac58cf00ebd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 37304 456a29fc3e6e4a6a12afb28cf070d153 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 119754 3a3546041387ada93c1f834570d0b7db http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 1675558 fd25a667614137c16bfa36e8c4bcf772 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 2178564 f1799dbcec836870692ecaa40b254f8b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 352570 5ac8c911b9b70ba35f4054ae5fff6857 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 178584 8f72778104c3015920601f7d39ec58ca http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 61264 cc1633d90a82496ea55beb87d9e4282a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 52218 ef2c76e51468c29f16868f9b65a1d986 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 36230 3469935b69c38df8cc889905082f6170 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 115268 2c97947d64499af1488d7147aabd1272 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 1533088 e0c1e8945bcf28c325313ecc8675819b http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 2144702 03fd75f8698031522c9483663deaddf4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 346396 a89110547944785464731b47fadf5ef9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 175170 470d2d69e5df366ca7d359b86c4693b3 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 60498 7a2cb2739132e79a1fa70c0983d6bda0 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 51542 60e03d1de616cc7d9fd5deccfba7e73f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 36028 95dd554290394bba340e1b9ed0eeca22 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 114518 7cdf8bfff996881b0ff38122507d24f8 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 1562414 99f96dacc52fb8ab31879dc8d917eed3 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 2141504 666f44d2a5057b47b0926b8fbc0ff9ce http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 343356 43f548744343771bfccc97e0965767e5 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 173468 495c1181694e597d3e2ee9b7879f63b4 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 60670 59cb79251da624cf56788a6ebbdd1854 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 52342 8b1039fde9779991586c0861bde5d692 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 43570 1bfc6992664c3dcf9ac9853ab5b6f62f http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 138118 56c93d7803d01c16a39e9fbe917e3a98 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 1649586 223b30bbc9f4d0e25c327eb10bf364ec http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 2266484 6abc3509cdcf34e481d74adb7b939ec2 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 348324 d36b5c40f196d505735fe367a7a2380a http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 183986 555915a89c0a514dcb6e77486a9112ed http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 61310 1c61fe881255b71f6264119f319f24b3 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 57406 ab4fb5ea4040929b5ec38abad5f38cfb sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 37208 6046757ca4fe9b690247c34fe009b8ea http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 117494 0a21aaee253debec63b21c20dfda20bd http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 1477080 6d03ce62f445559aeac03429e66cf9bb http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 2211336 6ea40676d2b68ab7e75e4e81d79493c5 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 345154 da2107d40cbf1f8575995dddb031ac25 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 170956 d17a5b8ce2609a9a73b8b49af592d31d http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 57854 9978193eaa21591bcbda0103bd2d7420 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 49696 e9933a11538063753748ab7a29ddf48b Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6.diff.gz Size/MD5: 430803 9896ab093cf6c3ef71a80e0c37e4b7aa http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6.dsc Size/MD5: 2273 893689e77881954b258ddb7107aa699e http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1.orig.tar.gz Size/MD5: 5287327 4dc8f431ef50752dfd61d9d4959abd06 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.1-5ubuntu2.6_all.deb Size/MD5: 1420352 27ce929720fc629fed288754a91ce13b http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69858 388fcac30796d5907253d647b12d7969 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69822 3cf78e179ad70f3273abfc1263664266 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69854 97bd4ac6413bb46ab53861a581113f0a http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69854 b391fa9c83fbf3009e56df2746ab94d2 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.1-5ubuntu2.6_all.deb Size/MD5: 4544 57b5675c9659d18d88a113f55a2176f9 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69842 7aff9ca2dc796cb3604221265e9b2747 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 36714 b7a8d6d23214b4d0cbc888888a48e335 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 120262 8dfd957d0cc33ffaaf32072079907ee1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 90150 3233d3c9c94c0f262f00f4b71d7a81d5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 1909664 73ed914b62e3c9e04dcaec55b543407d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 210802 f23c0fdafcfd0fad270f8afa3a937c31 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 219530 3c472155e2f3471ddb68a50b6661aa42 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 103906 a77f22491afdfd65c60fe01ba8660673 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 33134 5d3ba0a39217678739e2c7812512d28c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 90504 fe988efeb10d537670c25ad298c58eb7 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 22188 6316c51f52a01de4b3011411db62a5b7 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 61528 5b4718cdfd4387c0d7114f2580c8254b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 53152 4013a5f53425a382b45889fe73f6f3a9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 81518 f81f9bcdd2faf8a7f9ba6fefe4f8cdc2 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 15490 e4228a982cf71ae48ee2af86325b45ac http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 143326 b8a0420a543914c8299e340a5723ba1d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 60108 fa27048727ffbbb4e58ba9ee6ccaadeb http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 34522 851e93d20f1315beb56cf357956c5f2a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 35484 3a0b604fdbf0106ca6886eee07968dff http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 115306 688d22b75b84a4b0ef3ed89306f653bf http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 89220 4b4a76a3551a6c934975aa040289a3d4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 1867674 564568d5ec8164e9ee916dc41951d660 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 199732 6617d9b279c98755836e6ce614978924 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 213492 2c15204d6c3c638327b812a76259c33a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 102998 80bcbfadf15cb8f0b578362352fc461f http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 32872 2cb6e24ce760d286b1e4ce2e7dc9275c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 90720 5c967305feec17ac2c2715ca3a553263 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 22070 d77fc0c0f4db9f7e907f658be56f9c42 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 60316 88f1d9c994bfc4ac28381aa8ca28585e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 52414 b8598a149d3a8f8b3d0cb79f12633dea http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 81432 e2eba2bb5cd587421404445bf4cb3c36 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 15202 531427f9f7e56220142b4e51233daf01 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 141908 70047df2efe6271a7f0fe81be26e898b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 61440 287af16b51cbf417374964ce1faaa9a0 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 32818 67c42e8a46deb780a4ea43679a8f7b1b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 35444 43e9a036f2cb42db2e2894edfef0afda http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 115172 a7a25b4d3d2c988a06dee38802fd2e0b http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 89146 d45d7185a76bd44f3e11a2f52b87f1fd http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 1865278 622d02b7fdcfd8ad0c7ab5e4758dc29c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 197074 b109e960fb1cfd95ecc65cdcb106bc97 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 212098 185440c848f158c3f1ea8a00096454e6 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 102282 ff45f4229a289f1d3a5eadf0dfa1f6d7 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 32662 51fff11adcbf03ff5c6c4344231f40f4 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 90140 2025394e060c7ac4135fb3197c82e2aa http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 21772 94c88b2f892a3ca17071da2e1d3f57de http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 59952 b6e1c63ff6dcf6fae5ddf41e83bf2b39 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 52580 2733ad91569bb1b7018966ac2316d6b3 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 81372 71e31f4d06b1de5ede2c8186e60292fb http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 15308 f81a0425d623423089f99b429a15e916 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 142212 ec10060804a0e9747a65322cdb456ea0 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 62670 e9f0de51cdf2665eaeb9699f4440d4b3 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 33272 5cb032354f73c1f3b549b9bf4ba034b3 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 37002 98296fbdb2c48a660ec17b0c4a4f3c90 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 121666 bba9834fa00e775df09cf0f0488f7f9a http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 89800 d19794e77bb85ad268c3d2bc2bfa1f31 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 1931086 acb1d07a0d0a2dc17fba7683ec52e16b http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 203926 83542c3ef9602299bfb8302ed77290e7 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 224070 6ed170661f54e7fa50f61a69a904ec21 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 103042 8966b98ea957fbb8b92a4678317fddae http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 35072 b1aa40b4d141f00000864f0a87a795f3 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 89920 f1f371d9914166ec1af92bf5706253f0 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 22332 87366d86919da7b07046b73a1b276471 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 60622 d5dfb6d846e1b6f3935071d78da667ba http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 55370 b598355d538a5202a38c1286b8cf9cb8 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 81882 96dca3856de634bbd9596a6fc7afa9c6 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 15792 ada89970388879b889ce3ce23f0786e9 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 141460 54b03efb38851fc77a7c32217d89a838 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 64954 75bb84b2f2aed56705323657a98c94c6 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 34788 3b21946edb4a3f5b5a53941a97c7902b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 36050 40e9f13fcb68ae0f7b780ddffa930569 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 117802 69758c023939b53c735884c8bb3da729 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 89654 d38e699a47d22475311fbc9f72835462 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 1954398 385300918a21dc44de8f253ee2f28eaf http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 201862 dcf93f4fd26767ca13dd8562244fcf1b http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 211164 700260b08f51811acc2a051b24378125 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 104686 dea3e49233b35c05ceb73d2c6cb377c2 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 32990 05ea0b382be4213b3a5a56cea510f2ef http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 90114 8e30914034d660780c8023500e6ffc3f http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 21388 3924468f70aa5cd4ba7000414fdf0688 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 58154 093eb825804bc6d172335e1a73f9afb6 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 50288 47b1de9dede6755e934512df997031d9 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 80642 f0c36f2b152a9c5834f871a9e3ba534a http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 14382 74976d5c3d9d2e5f84c63b3d95df8dad http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 144596 8c8e872d9a7fc3461cd3295c47c46da4 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 61448 f654d799a55faf5c5bbbc6d111d17e0e http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 33862 426ade2e9fa86473091f0722f60b2e3a Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2.diff.gz Size/MD5: 496671 585b5a839d9ec546a9534330a76c0964 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2.dsc Size/MD5: 2273 167a7ea0e055786fe2e5f74c03b92294 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3.orig.tar.gz Size/MD5: 5367387 947aefd4849d0da93b5a8a99673f62b2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.3-1ubuntu1.2_all.deb Size/MD5: 1463434 ab433df67ddd32bf49adbe3e16ba82c4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73442 8dad2edf6d46f76dcb52db201016947d http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73402 db5a399abfcb69136bdd86554d1ab636 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73432 9fb3a058c65da62706a80d9484010eef http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73438 dab3b5e2ff47294536789a858bb9a3b3 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.3-1ubuntu1.2_all.deb Size/MD5: 4552 e0c4a0047f7ec0268315afaa85caf9b0 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73424 ced4b61fab69b55277de4b5a29b7017d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 44774 d9e37725367f31858091bdf5b168d881 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 140618 94b07ecdeac71ffd4ccd6417ba744a98 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 93886 7a2163f56c74b490b1c1a3a6c10d0cf4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 1973830 125e1409b54622ebcd8c0557efc004ab http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 212968 d6ab1b998818ba99f18b1e633666c13f http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 223550 2c887f725f30a5e1d9aa2c20d6268337 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 107780 ec510ebb54127d6567d5b585321733d4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 33114 5ccf1df923f97a7ab3f0dcb56f9c7294 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 94168 f3fb3af8004fcb81ef04220e6a66d7f2 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 22086 cf810510c3b376d69b13f37398aacc1a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 61438 882621ff9d056e9ac830ea5627bc0c93 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 53094 09ed3cb267e2e3b8bcbe208ea7a0ad02 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 85296 3557d7e7ba9cdc196a6040eea6cd7272 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 15444 ea9e1ce52141169dd6c64f2633c195a4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 147096 e85555341ed2031d26c921dc77ed7503 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 59990 9ba72110aead42b48c679562e4b55af0 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 34596 3d41e6ee5ab5bc0abd355c5625c36091 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 43346 6de1a8c71528e1ec1014a5331309e8bd http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 135836 9bee4520bf4ca64466a08a51b426088a http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 92978 9397ab013a3ee9f18378b30b40d924ce http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 1928108 558ae105b117bd0ba98580b0db10de45 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 202544 8bcf1d8fcafe878a6c3728ea448966e5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 217726 7d8eddc54dc065a4a7d277c908e83f3e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 106934 441cd88aabbaa2a57adb57daebfd13c1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 32950 fe896ca272249efb52cc3325c959b956 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 94304 20dd13df8749e1e3b17053288b768146 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 21780 8c493eed360e1c996dacf20a993a4457 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 60196 8937ce7e76d479a3be672ed8287a7675 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 52268 ca080db4912f21a37e496999506a4e12 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 85238 d9ded4b415c370cff8cf2c1a9c6b403a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 15138 c18676b7afb412704b384d02a9f764a0 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 145604 c3f0c1d386de11db2c83b29ce61d747e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 61266 9350be23632e0bb41bacdf493916f1e5 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 32894 588a8edd7a8cef5ad2312c6b2a466d41 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 44800 b5b282e36f232b95a4221a19c58e4d80 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 142152 c7959ec969f56a4c8061a9115e3fb9d0 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 93536 31ab6658804a9d5b8e165f7182522792 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 1992826 720559a8b6b13a49cb8de64599dc0d0c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 206536 c0792eccffa336a078847fc1570f1847 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 228182 7336ad247af6f88cf383738429859a03 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 107032 aa51ce9c4d8b97a4be4c4604c1ece7dd http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 35034 5ad9a33558ab86fe168d1778367f5614 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 93706 46fab84fdbe699e3bf89ac4d7a7a5f21 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 22244 4427366e73d2ed6b756290bbbe89f33e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 60546 b5561e25ff9d7a625079a4a92b97eeeb http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 55298 7564d5317f23a06dd984e7a011f7d4a3 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 85702 e50cfac0de465610de321b6a247294ad http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 15702 b530dc6e40497cdd17cb2eef7fc86f35 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 145258 3e1d1f46e3a3a978073cb7134660dca8 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 64908 91d9e1374bca739f621f52ff824cb967 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 34770 300740d181959eaa050dd38e8d7f5b95 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 44076 8e8b983418cfe367c386a581948e62d1 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 140914 b937ab49f26f53b13dbacfa1b1755b5e http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 93224 9b81849a723629db064aada33a669605 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 2042588 76638c4d1cc937a4d3038d6ca56c017c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 210178 e1f8624cc98825259447a8f3cfccab43 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 220154 d2692b4767b48e7960007762babdfd4d http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 109484 ee657ed269651dad0e97742db63b3fa6 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 33836 49d880a15f6c4c92dc37ef7c9a3e94ed http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 94740 807e344de7057bf78fdbe6d16c8160fe http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 22060 285f1d26a014fcaba9c52a8a204f4a8e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 59236 f2769fd0e05f40416fafb3b8b4e71fd3 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 51354 0dacc2034f6a772bf1a35c4390bd707b http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 84742 42f204443d66552e20b05f431a37c9b6 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 14596 7bc50be13da6d36c7a8b1ef77ea2c64c http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 150882 f51782127f098c8431b4c08ad9084a08 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 62864 470e0fe33fae056cb349cba8f291552a http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 34536 d7f328a90189cac65cda36e18bac2391
var-200102-0104	"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password. The Oracle LDAP Daemon (oidldapd version 2.1.1.1), which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Apple Mac OS is prone to a local security vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Alert Summary January 1, 2001 Volume 6 Number 2 The following computer security issues have been publicly reported and documented in the X-Force Vulnerability and Threat Database (http://xforce.iss.net). This document is available at http://xforce.iss.net/alerts/vol-06_num-02.php. To receive these Alert Summaries: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: - - 'subscribe alert' (without the quotes). _____ Contents 115 Reported Vulnerabilities Risk Factor Key _____ Date Reported: 12/31/00 Vulnerability: exmh-error-symlink Platforms Affected: exmh 2.2 and earlier Risk Factor: High Attack Type: Host Based Brief Description: exmh error message symlink X-Force URL: http://xforce.iss.net/static/5829.php _____ Date Reported: 12/30/00 Vulnerability: informix-webdriver-symlink Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Host Based Brief Description: Informix Webdriver symbolic link X-Force URL: http://xforce.iss.net/static/5827.php _____ Date Reported: 12/30/00 Vulnerability: informix-webdriver-admin-access Platforms Affected: Informix Webdriver Risk Factor: High Attack Type: Network Based Brief Description: Informix Webdriver remote Admin access X-Force URL: http://xforce.iss.net/static/5833.php _____ Date Reported: 12/29/00 Vulnerability: zonealarm-mutex-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro Mutex creation denial of service X-Force URL: http://xforce.iss.net/static/5821.php _____ Date Reported: 12/29/00 Vulnerability: zonealarm-batfile-dos Platforms Affected: ZoneAlarm Pro Risk Factor: Medium Attack Type: Host Based Brief Description: ZoneAlarm and ZoneAlarm Pro can be taken down with a batch file X-Force URL: http://xforce.iss.net/static/5822.php _____ Date Reported: 12/29/00 Vulnerability: shockwave-flash-swf-bo Platforms Affected: Shockwave Plugin 8.0 and prior Risk Factor: High Attack Type: Network/Host Based Brief Description: Shockwave Flash SWF file buffer overflow X-Force URL: http://xforce.iss.net/static/5826.php _____ Date Reported: 12/29/00 Vulnerability: macos-multiple-users Platforms Affected: MacOS 9.0 Risk Factor: High Attack Type: Host Based Brief Description: Mac OS 'Multiple Users' bypass password X-Force URL: http://xforce.iss.net/static/5830.php _____ Date Reported: 12/28/00 Vulnerability: http-cgi-ikonboard Platforms Affected: Ikonboard 2.1.7b and prior Risk Factor: High Attack Type: Host Based Brief Description: Ikonboard allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5819.php _____ Date Reported: 12/27/00 Vulnerability: http-cgi-technote-main Platforms Affected: TECH-NOTE (000, 2001, Pro) Risk Factor: High Attack Type: Network Based Brief Description: TECH-NOTE main.cgi reveals files X-Force URL: http://xforce.iss.net/static/5813.php _____ Date Reported: 12/26/00 Vulnerability: xwindows-char-dos Platforms Affected: XFree86 Risk Factor: Low Attack Type: Network/Host Based Brief Description: X Windows multiple character denial of service X-Force URL: http://xforce.iss.net/static/5834.php _____ Date Reported: 12/25/00 Vulnerability: 1stup-mail-server-bo Platforms Affected: 1st Up Mail Server 4.1 Risk Factor: Medium Attack Type: Network Based Brief Description: 1st Up Mail Server buffer overflow X-Force URL: http://xforce.iss.net/static/5808.php _____ Date Reported: 12/25/00 Vulnerability: dialog-symlink Platforms Affected: Linux Debian 2.2 Risk Factor: High Attack Type: Host Based Brief Description: Linux dialog package symlink attack X-Force URL: http://xforce.iss.net/static/5809.php _____ Date Reported: 12/25/00 Vulnerability: ibm-wcs-admin Platforms Affected: IBM Websphere Commerce Suite Risk Factor: High Attack Type: Host Based Brief Description: IBM WCS admin.config allows user to execute arbitrary commands X-Force URL: http://xforce.iss.net/static/5831.php _____ Date Reported: 12/23/00 Vulnerability: http-cgi-technote-print Platforms Affected: TECH-NOTE (2000, 2001, Pro) Risk Factor: Medium Attack Type: Network Based Brief Description: TECH-NOTE print.cgi reveals files X-Force URL: http://xforce.iss.net/static/5815.php _____ Date Reported: 12/22/00 Vulnerability: iis-web-form-submit Platforms Affected: IIS (4.0, 5.0) Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IIS Web form submission X-Force URL: http://xforce.iss.net/static/5823.php _____ Date Reported: 12/21/00 Vulnerability: hpux-kermit-bo Platforms Affected: HPUX (10.01, 10.10, 10.20, 11.00) Risk Factor: Medium Attack Type: Host Based Brief Description: HP-UX kermit buffer overflow X-Force URL: http://xforce.iss.net/static/5793.php _____ Date Reported: 12/21/00 Vulnerability: bsguest-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bsguest.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5796.php _____ Date Reported: 12/21/00 Vulnerability: bslist-cgi-execute-commands Platforms Affected: Linux Risk Factor: Medium Attack Type: Network Based Brief Description: bslist.cgi allows remote execution of commands on server X-Force URL: http://xforce.iss.net/static/5797.php _____ Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php _____ Date Reported: 12/21/00 Vulnerability: oracle-execute-plsql Platforms Affected: Oracle Application Server Risk Factor: Medium Attack Type: Network Based Brief Description: Oracle remote procedure execution X-Force URL: http://xforce.iss.net/static/5817.php _____ Date Reported: 12/21/00 Vulnerability: ksh-redirection-symlink Platforms Affected: IRIX (6.2, 6.5.x) Solaris (2.5.1, 2.6, 7) HPUX 9.00 Digital Unix 5.0 Risk Factor: High Attack Type: Host Based Brief Description: ksh redirection symlink attack X-Force URL: http://xforce.iss.net/static/5811.php _____ Date Reported: 12/21/00 Vulnerability: oracle-webdb-admin-access Platforms Affected: Oracle Internet Application Server 3.0.7 Risk Factor: High Attack Type: Network/Host Based Brief Description: Oracle IAS allows administrative access X-Force URL: http://xforce.iss.net/static/5818.php _____ Date Reported: 12/21/00 Vulnerability: infinite-interchange-dos Platforms Affected: Infinite Interchange 3.61 Risk Factor: Web Scan Attack Type: Network/Host Based Brief Description: Infinite InterChange denial of service X-Force URL: http://xforce.iss.net/static/5798.php _____ Date Reported: 12/20/00 Vulnerability: gnupg-detached-sig-modify Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG allows users to modify signed messages with detached signatures X-Force URL: http://xforce.iss.net/static/5802.php _____ Date Reported: 12/20/00 Vulnerability: gnupg-reveal-private Platforms Affected: GnuPG (1.0, 1.0.1, 1.0.2, 1.0.3) Risk Factor: Medium Attack Type: Host Based Brief Description: GnuPG will import private keys along with public keys X-Force URL: http://xforce.iss.net/static/5803.php _____ Date Reported: 12/20/00 Vulnerability: zonealarm-nmap-scans Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm does not detect NMAP scans X-Force URL: http://xforce.iss.net/static/5799.php _____ Date Reported: 12/20/00 Vulnerability: zonealarm-open-shares Platforms Affected: ZoneAlarm Risk Factor: High Attack Type: Network Based Brief Description: ZoneAlarm open shares X-Force URL: http://xforce.iss.net/static/5825.php _____ Date Reported: 12/19/00 Vulnerability: win2k-index-service-activex Platforms Affected: Windows 2000 Risk Factor: Low Attack Type: Network/Host Based Brief Description: Windows 2000 Index Service ActiveX controls allow unauthorized access to file information X-Force URL: http://xforce.iss.net/static/5800.php _____ Date Reported: 12/19/00 Vulnerability: proftpd-size-memory-leak Platforms Affected: Proftpd Risk Factor: Low Attack Type: Network/Host Based Brief Description: proftpd memory leak when using SIZE command X-Force URL: http://xforce.iss.net/static/5801.php _____ Date Reported: 12/19/00 Vulnerability: weblogic-dot-bo Platforms Affected: WebLogic Risk Factor: Medium Attack Type: Network Based Brief Description: BEA WebLogic Server "dotdot" URL buffer overflow X-Force URL: http://xforce.iss.net/static/5782.php _____ Date Reported: 12/19/00 Vulnerability: mdaemon-imap-dos Platforms Affected: MDaemon Risk Factor: Medium Attack Type: Network/Host Based Brief Description: MDaemon IMAP buffer overflow denial of service X-Force URL: http://xforce.iss.net/static/5805.php _____ Date Reported: 12/19/00 Vulnerability: zope-calculate-roles Platforms Affected: Zp[e Risk Factor: High Attack Type: Host Based Brief Description: zope package in Linux calculates local roles incorrectly X-Force URL: http://xforce.iss.net/static/5777.php _____ Date Reported: 12/19/00 Vulnerability: itetris-svgalib-path Platforms Affected: svgalib Risk Factor: High Attack Type: Host Based Brief Description: Itetris svgalib PATH X-Force URL: http://xforce.iss.net/static/5795.php _____ Date Reported: 12/18/00 Vulnerability: bsd-ftpd-replydirname-bo Platforms Affected: BSD Based Operating Systems Risk Factor: High Attack Type: Network Based Brief Description: BSD ftpd replydirname() function buffer overflow X-Force URL: http://xforce.iss.net/static/5776.php _____ Date Reported: 12/18/00 Vulnerability: sonata-command-execute Platforms Affected: Sonata Risk Factor: High Attack Type: Host Based Brief Description: Sonata argument command line execution X-Force URL: http://xforce.iss.net/static/5787.php _____ Date Reported: 12/18/00 Vulnerability: solaris-catman-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris catman command symlink attack X-Force URL: http://xforce.iss.net/static/5788.php _____ Date Reported: 12/18/00 Vulnerability: solaris-patchadd-symlink Platforms Affected: Solaris Risk Factor: High Attack Type: Host Based Brief Description: Solaris patchadd symlink attack X-Force URL: http://xforce.iss.net/static/5789.php _____ Date Reported: 12/18/00 Vulnerability: stunnel-format-logfile Platforms Affected: Stunnel Risk Factor: High Attack Type: Network Based Brief Description: Stunnel format allows user to write to logfile X-Force URL: http://xforce.iss.net/static/5807.php _____ Date Reported: 12/17/00 Vulnerability: hp-top-sys-files Platforms Affected: HPUX Risk Factor: Low Attack Type: Host Based Brief Description: HP-UX top command could be used to overwrite files X-Force URL: http://xforce.iss.net/static/5773.php _____ Date Reported: 12/16/00 Vulnerability: zope-legacy-names Platforms Affected: Zope Risk Factor: Medium Attack Type: Network Based Brief Description: Linux zope package "legacy" names X-Force URL: http://xforce.iss.net/static/5824.php _____ Date Reported: 12/15/00 Vulnerability: mrj-runtime-malicious-applets Platforms Affected: MRJ Risk Factor: Low Attack Type: Host Based Brief Description: MRJ runtime environment could allow malicious applets to be executed X-Force URL: http://xforce.iss.net/static/5784.php _____ Date Reported: 12/14/00 Vulnerability: coffeecup-ftp-weak-encryption Platforms Affected: CoffeeCup FTP Risk Factor: Low Attack Type: Host Based Brief Description: CoffeeCup FTP client has weak password encryption X-Force URL: http://xforce.iss.net/static/5744.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-fragmented-packets Platforms Affected: WatchGuard Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall fragmented IP packet attack X-Force URL: http://xforce.iss.net/static/5749.php _____ Date Reported: 12/14/00 Vulnerability: jpilot-perms Platforms Affected: J-Pilot Risk Factor: Medium Attack Type: Host Based Brief Description: J-Pilot permissions could reveal sensitive information X-Force URL: http://xforce.iss.net/static/5762.php _____ Date Reported: 12/14/00 Vulnerability: mediaservices-dropped-connection-dos Platforms Affected: Microsoft Media Services Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft Media Services dropped connection denial of service X-Force URL: http://xforce.iss.net/static/5785.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-web-auth Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO Web config server could allow unauthenticated access X-Force URL: http://xforce.iss.net/static/5554.php _____ Date Reported: 12/14/00 Vulnerability: watchguard-soho-passcfg-reset Platforms Affected: WatchGuard Risk Factor: High Attack Type: Network Based Brief Description: WatchGuard SOHO administrator password can be remotely reset X-Force URL: http://xforce.iss.net/static/5742.php _____ Date Reported: 12/14/00 Vulnerability: http-cgi-simplestguest Platforms Affected: simplestguest.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestguest.cgi input validation error X-Force URL: http://xforce.iss.net/static/5743.php _____ Date Reported: 12/14/00 Vulnerability: safeword-palm-pin-extraction Platforms Affected: SafeWord e.iD Palm Authenticator Risk Factor: High Attack Type: Network/Host Based Brief Description: SafeWord and e.iD Palm Authenticator allows attacker to clone Palm device X-Force URL: http://xforce.iss.net/static/5753.php _____ Date Reported: 12/14/00 Vulnerability: mdaemon-lock-bypass-password Platforms Affected: MDaemon Risk Factor: High Attack Type: Host Based Brief Description: MDaemon "lock" bypass password X-Force URL: http://xforce.iss.net/static/5763.php _____ Date Reported: 12/13/00 Vulnerability: cisco-catalyst-ssh-mismatch Platforms Affected: Cisco Catalyst Risk Factor: Low Attack Type: Network Based Brief Description: Cisco Catalyst SSH protocol mismatch X-Force URL: http://xforce.iss.net/static/5760.php _____ Date Reported: 12/13/00 Vulnerability: microsoft-iis-file-disclosure Platforms Affected: IIS Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Microsoft IIS Far East editions file disclosure X-Force URL: http://xforce.iss.net/static/5729.php _____ Date Reported: 12/13/00 Vulnerability: ezshopper-cgi-file-disclosure Platforms Affected: loadpage.cgi Risk Factor: Medium Attack Type: Network Based Brief Description: EZshopper loadpage.cgi file disclosure X-Force URL: http://xforce.iss.net/static/5740.php _____ Date Reported: 12/13/00 Vulnerability: winnt-mstask-dos Platforms Affected: Windows NT Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Windows NT MSTask.exe denial of service X-Force URL: http://xforce.iss.net/static/5746.php _____ Date Reported: 12/13/00 Vulnerability: bftpd-site-chown-bo Platforms Affected: BFTPD Risk Factor: High Attack Type: Network Based Brief Description: BFTPD SITE CHOWN buffer overflow X-Force URL: http://xforce.iss.net/static/5775.php _____ Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php _____ Date Reported: 12/12/00 Vulnerability: subscribemelite-gain-admin-access Platforms Affected: Subscribe Me Lite Risk Factor: Medium Attack Type: Network Based Brief Description: Subscribe Me Lite mailing list manager unauthorized access X-Force URL: http://xforce.iss.net/static/5735.php _____ Date Reported: 12/12/00 Vulnerability: zope-image-file Platforms Affected: Zope Risk Factor: Medium Attack Type: Host Based Brief Description: Linux zope package Image and File objects X-Force URL: http://xforce.iss.net/static/5778.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-everythingform Platforms Affected: everythingform.cgi Risk Factor: High Attack Type: Network Based Brief Description: everythingform.cgi input validation error X-Force URL: http://xforce.iss.net/static/5736.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-simplestmail Platforms Affected: simplestmail.cgi Risk Factor: High Attack Type: Network Based Brief Description: simplestmail.cgi input validation error X-Force URL: http://xforce.iss.net/static/5739.php _____ Date Reported: 12/12/00 Vulnerability: http-cgi-ad Platforms Affected: ad.cgi Risk Factor: High Attack Type: Network Based Brief Description: ad.cgi input validation error X-Force URL: http://xforce.iss.net/static/5741.php _____ Date Reported: 12/12/00 Vulnerability: kde-kmail-weak-encryption Platforms Affected: KDE KMail Risk Factor: High Attack Type: Network/Host Based Brief Description: KDE KMail weak password encryption X-Force URL: http://xforce.iss.net/static/5761.php _____ Date Reported: 12/12/00 Vulnerability: aolim-buddyicon-bo Platforms Affected: AOL Instant Messenger Risk Factor: High Attack Type: Network/Host Based Brief Description: AOL Instant Messenger Buddy Icon buffer overflow X-Force URL: http://xforce.iss.net/static/5786.php _____ Date Reported: 12/12/00 Vulnerability: aim-remote-bo Platforms Affected: AOL Instant Messenger Risk Factor: Medium Attack Type: Network Based Brief Description: AOL Instant Messenger buffer overflow X-Force URL: http://xforce.iss.net/static/5732.php _____ Date Reported: 12/11/00 Vulnerability: rppppoe-zero-length-dos Platforms Affected: rp-pppoe Risk Factor: Medium Attack Type: Network Based Brief Description: rp-pppoe "zero-length" option denial of service X-Force URL: http://xforce.iss.net/static/5727.php _____ Date Reported: 12/11/00 Vulnerability: proftpd-modsqlpw-unauth-access Platforms Affected: ProFTPd Risk Factor: Medium Attack Type: Network Based Brief Description: ProFTPD system using mod_sqlpw unauthorized access X-Force URL: http://xforce.iss.net/static/5737.php _____ Date Reported: 12/11/00 Vulnerability: gnu-ed-symlink Platforms Affected: GNU ed Risk Factor: High Attack Type: Host Based Brief Description: GNU ed symlink X-Force URL: http://xforce.iss.net/static/5723.php _____ Date Reported: 12/11/00 Vulnerability: oops-ftputils-bo Platforms Affected: Oops Proxy Server Risk Factor: High Attack Type: Network/Host Based Brief Description: Oops Proxy Server ftp_utils buffer overflow X-Force URL: http://xforce.iss.net/static/5725.php _____ Date Reported: 12/11/00 Vulnerability: oracle-oidldap-write-permission Platforms Affected: Oracle Internet Directory Risk Factor: High Attack Type: Host Based Brief Description: Oracle Internet Directory write permission X-Force URL: http://xforce.iss.net/static/5804.php _____ Date Reported: 12/9/00 Vulnerability: foolproof-security-bypass Platforms Affected: FoolProof Risk Factor: High Attack Type: Host Based Brief Description: FoolProof Security restriction bypass using FTP X-Force URL: http://xforce.iss.net/static/5758.php _____ Date Reported: 12/8/00 Vulnerability: broadvision-bv1to1-reveal-path Platforms Affected: BroadVision One-To-One Enterprise Server Risk Factor: Low Attack Type: Network Based Brief Description: BroadVision One-To-One Enterprise Server reveals path to server X-Force URL: http://xforce.iss.net/static/5661.php _____ Date Reported: 12/8/00 Vulnerability: ssldump-format-strings Platforms Affected: ssldump Risk Factor: Medium Attack Type: Network Based Brief Description: ssldump format string could allow arbitrary execution of code X-Force URL: http://xforce.iss.net/static/5717.php _____ Date Reported: 12/8/00 Vulnerability: coldfusion-sample-dos Platforms Affected: ColdFusion Risk Factor: Medium Attack Type: Network/Host Based Brief Description: ColdFusion sample script denial of service X-Force URL: http://xforce.iss.net/static/5755.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-arbitrary-proxy Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 arbitrary proxy enviornment variable X-Force URL: http://xforce.iss.net/static/5733.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-auth-packet-overflow Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Network/Host Based Brief Description: KTH Kerberos 4 authentication packet buffer overflow X-Force URL: http://xforce.iss.net/static/5734.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-user-config Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 user supplied configuration files X-Force URL: http://xforce.iss.net/static/5738.php _____ Date Reported: 12/8/00 Vulnerability: kerberos4-tmpfile-dos Platforms Affected: Kerberos 4 Risk Factor: High Attack Type: Host Based Brief Description: KTH Kerberos 4 race condition X-Force URL: http://xforce.iss.net/static/5754.php _____ Date Reported: 12/7/00 Vulnerability: homeseer-directory-traversal Platforms Affected: HomeSeer Risk Factor: Low Attack Type: Network Based Brief Description: HomeSeer allows directory traversal X-Force URL: http://xforce.iss.net/static/5663.php _____ Date Reported: 12/7/00 Vulnerability: offline-explorer-reveal-files Platforms Affected: MetaProducts Offline Explorer Risk Factor: Low Attack Type: Network/Host Based Brief Description: MetaProducts Offline Explorer can reveal file system X-Force URL: http://xforce.iss.net/static/5728.php _____ Date Reported: 12/7/00 Vulnerability: imail-smtp-auth-dos Platforms Affected: IMail Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IMail SMTP auth denial of service X-Force URL: http://xforce.iss.net/static/5674.php _____ Date Reported: 12/6/00 Vulnerability: apc-apcupsd-dos Platforms Affected: APC apcupsd Risk Factor: Medium Attack Type: Host Based Brief Description: APC apcupsd denial of service X-Force URL: http://xforce.iss.net/static/5654.php _____ Date Reported: 12/6/00 Vulnerability: cisco-catalyst-telnet-dos Platforms Affected: Cisco Catalyst Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Cisco Catalyst telnet server memory leak denial of service X-Force URL: http://xforce.iss.net/static/5656.php _____ Date Reported: 12/6/00 Vulnerability: apache-php-disclose-files Platforms Affected: Apache Web server Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Apache Web server discloses files when used with php script X-Force URL: http://xforce.iss.net/static/5659.php _____ Date Reported: 12/6/00 Vulnerability: ultraseek-reveal-path Platforms Affected: Ultraseek Risk Factor: Medium Attack Type: Network Based Brief Description: Ultraseek Server can reveal the path and source code to certain files X-Force URL: http://xforce.iss.net/static/5660.php _____ Date Reported: 12/6/00 Vulnerability: irc-dreamforge-dns-dos Platforms Affected: DreamForge IRCd Risk Factor: Medium Attack Type: Network Based Brief Description: DreamForge IRCd DNS denial of service X-Force URL: http://xforce.iss.net/static/5721.php _____ Date Reported: 12/6/00 Vulnerability: mailman-alternate-templates Platforms Affected: MailMan Risk Factor: High Attack Type: Network Based Brief Description: MailMan Alternate Templates form variable allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5649.php _____ Date Reported: 12/6/00 Vulnerability: phpgroupware-include-files Platforms Affected: Risk Factor: High Attack Type: Network Based Brief Description: phpGroupWare include files allows remote attacker to execute commands X-Force URL: http://xforce.iss.net/static/5650.php _____ Date Reported: 12/6/00 Vulnerability: markvision-printer-driver-bo Platforms Affected: Lexmark MarkVision Risk Factor: High Attack Type: Host Based Brief Description: Lexmark MarkVision printer drivers for Unix buffer overflows X-Force URL: http://xforce.iss.net/static/5651.php _____ Date Reported: 12/6/00 Vulnerability: nt-ras-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Host Based Brief Description: Windows NT RAS registry permissions X-Force URL: http://xforce.iss.net/static/5671.php _____ Date Reported: 12/6/00 Vulnerability: nt-snmp-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT SNMP registry permissions X-Force URL: http://xforce.iss.net/static/5672.php _____ Date Reported: 12/6/00 Vulnerability: nt-mts-reg-perms Platforms Affected: Windows NT Risk Factor: High Attack Type: Network/Host Based Brief Description: Windows NT MTS registry permissions X-Force URL: http://xforce.iss.net/static/5673.php _____ Date Reported: 12/6/00 Vulnerability: irc-bitchx-dns-bo Platforms Affected: BitchX Risk Factor: High Attack Type: Network Based Brief Description: BitchX IRC DNS buffer overflow X-Force URL: http://xforce.iss.net/static/5701.php _____ Date Reported: 12/5/00 Vulnerability: ibm-db2-gain-access Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database can give access through default username and password X-Force URL: http://xforce.iss.net/static/5662.php _____ Date Reported: 12/5/00 Vulnerability: ibm-db2-dos Platforms Affected: IBM DB2 Risk Factor: Medium Attack Type: Network/Host Based Brief Description: IBM DB2 Universal Database denial of service X-Force URL: http://xforce.iss.net/static/5664.php _____ Date Reported: 12/5/00 Vulnerability: vsu-source-routing Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain source routing X-Force URL: http://xforce.iss.net/static/5667.php _____ Date Reported: 12/5/00 Vulnerability: vsu-ip-bridging Platforms Affected: VSU Risk Factor: Medium Attack Type: Network Based Brief Description: VPNet VSU gateways contain bridging code X-Force URL: http://xforce.iss.net/static/5670.php _____ Date Reported: 12/5/00 Vulnerability: ftp-servu-homedir-travers Platforms Affected: Serv-U FTP Risk Factor: High Attack Type: Network/Host Based Brief Description: FTP Serv-U home directory traversal could allow access to FTProot X-Force URL: http://xforce.iss.net/static/5639.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-web-access Platforms Affected: CISCO CBOS Risk Factor: Medium Attack Type: Network Based Brief Description: Cisco CBOS Web access enabled denial of service X-Force URL: http://xforce.iss.net/static/5626.php _____ Date Reported: 12/4/00 Vulnerability: watchguard-soho-get-dos Platforms Affected: WatchGuard SOHO Risk Factor: Medium Attack Type: Network Based Brief Description: WatchGuard SOHO Firewall multiple GET requests denial of service X-Force URL: http://xforce.iss.net/static/5665.php _____ Date Reported: 12/4/00 Vulnerability: phone-book-service-bo Platforms Affected: Windows 2000 Windows NT Risk Factor: High Attack Type: Network Based Brief Description: Windows NT and 2000 Phone Book service buffer overflow X-Force URL: http://xforce.iss.net/static/5623.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-syn-packets Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS SYN packets denial of service X-Force URL: http://xforce.iss.net/static/5627.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-invalid-login Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS does not log invalid logins X-Force URL: http://xforce.iss.net/static/5628.php _____ Date Reported: 12/4/00 Vulnerability: cisco-cbos-icmp-echo Platforms Affected: CISCO CBOS Risk Factor: High Attack Type: Network Based Brief Description: Cisco CBOS large ICMP ECHO packet denial of service X-Force URL: http://xforce.iss.net/static/5629.php _____ Date Reported: 12/2/00 Vulnerability: phpweblog-bypass-authentication Platforms Affected: phpWebLog Risk Factor: High Attack Type: Host Based Brief Description: phpWebLog allows users to bypass authentication X-Force URL: http://xforce.iss.net/static/5625.php _____ Date Reported: 12/1/00 Vulnerability: linux-diskcheck-race-symlink Platforms Affected: Linux Risk Factor: Low Attack Type: Host Based Brief Description: Linux diskcheck race condition could allow a tmp file symbolic link attack X-Force URL: http://xforce.iss.net/static/5624.php _____ Date Reported: 12/1/00 Vulnerability: ie-form-file-upload Platforms Affected: Microsoft Internet Explorer Risk Factor: Medium Attack Type: Network/Host Based Brief Description: Internet Explorer file upload form X-Force URL: http://xforce.iss.net/static/5615.php _____ Date Reported: 12/1/00 Vulnerability: mssql-xp-paraminfo-bo Platforms Affected: Risk Factor: Medium Attack Type: Host Based Brief Description: Microsoft SQL XP srv_paraminfo() buffer overflow X-Force URL: http://xforce.iss.net/static/5622.php _____ Date Reported: 12/1/00 Vulnerability: majordomo-auth-execute-commands Platforms Affected: Majordomo Risk Factor: High Attack Type: Network Based Brief Description: Majordomo allows administrative access without password X-Force URL: http://xforce.iss.net/static/5611.php _____ Date Reported: 12/1/00 Vulnerability: ie-print-template Platforms Affected: Microsoft Internet Explorer Risk Factor: High Attack Type: Network/Host Based Brief Description: Internet Explorer print template X-Force URL: http://xforce.iss.net/static/5614.php _____ Date Reported: 12/1/00 Vulnerability: aix-piobe-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX piobe buffer overflow X-Force URL: http://xforce.iss.net/static/5616.php _____ Date Reported: 12/1/00 Vulnerability: aix-pioout-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX pioout buffer overflow X-Force URL: http://xforce.iss.net/static/5617.php _____ Date Reported: 12/1/00 Vulnerability: aix-setclock-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setclock buffer overflow X-Force URL: http://xforce.iss.net/static/5618.php _____ Date Reported: 12/1/00 Vulnerability: aix-enq-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX enq buffer overflow X-Force URL: http://xforce.iss.net/static/5619.php _____ Date Reported: 12/1/00 Vulnerability: aix-digest-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX digest buffer overflow X-Force URL: http://xforce.iss.net/static/5620.php _____ Date Reported: 12/1/00 Vulnerability: aix-setsenv-bo Platforms Affected: AIX Risk Factor: High Attack Type: Host Based Brief Description: AIX setsenv buffer overflow X-Force URL: http://xforce.iss.net/static/5621.php Risk Factor Key: High Any vulnerability that provides an attacker with immediate access into a machine, gains superuser access, or bypasses a firewall. Example: A vulnerable Sendmail 8.6.5 version that allows an intruder to execute commands on mail server. Medium Any vulnerability that provides information that has a high potential of giving system access to an intruder. Example: A misconfigured TFTP or vulnerable NIS server that allows an intruder to get the password file that could contain an account with a guessable password. Low Any vulnerability that provides information that potentially could lead to a compromise. Example: A finger that allows an intruder to find out who is online and potential accounts to attempt to crack passwords via brute force methods. _____ Additional Information This document is available at http://xforce.iss.net/alerts/advisennn.php. To receive these Alerts and Advisories: - - Subscribe to the Alert mailing list from http://xforce.iss.net/maillists/index.php - - Or send an email to majordomo@iss.net, and within the body of the message type: 'subscribe alert' (without the quotes). About Internet Security Systems (ISS) Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX) is the leading global provider of security management solutions for the Internet. By combining best of breed products, security management services, aggressive research and development, and comprehensive educational and consulting services, ISS is the trusted security advisor for thousands of organizations around the world looking to protect their mission critical information and networks. Copyright (c) 2001 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOmd8xjRfJiV99eG9AQHGkAQAgX36zVSxItnmE160WG5ws5c6tp0F0Sr0 LLmTWkj7iiYUNv2dKxsw0L4IxItVyilHBYDDrQtjpD76ABE1YhaU2qxlFCeNqMoL r21MXXYy0JZWfMCU+t7dk7VNtDzy/0EpbZIcBqziisvQJYgUin3viD54QK+gsYIw jbM10AXVSHw= =5U+8 -----END PGP SIGNATURE-----
var-201912-0581	An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parseSummaryInfo function. Crafted data in a DOC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Apple macOS, watchOS, iOS and tvOS are prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple information-disclosure vulnerabilities 3. Multiple memory-corruption vulnerabilities Attackers can exploit these issues to execute arbitrary code, obtain sensitive information and cause denial-of-service conditions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. UIFoundation is one of the UI framework components. A buffer error vulnerability exists in the UIFoundation component in several Apple products. CVE-2019-8693: Arash Tohidi of Solita autofs Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 iOS 12.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Core Data Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero Core Data Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Found in Apps Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks. CVE-2019-8663: Natalie Silvanovich of Google Project Zero Foundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst libxslt Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may cause an unexpected application termination Description: A denial of service issue was addressed with improved validation. CVE-2019-8665: Michael Hernandez of XYZ Marketing Profiles Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A malicious application may be able to restrict access to websites Description: A validation issue existed in the entitlement verification. CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Carabaș and Răzvan Deaconescu of University POLITEHNICA of Bucharest Quick Look Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Telephony Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection Description: A logic issue existed in the answering of phone calls. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Wallet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A user may inadvertently complete an in-app purchase while on the lock screen Description: The issue was addressed with improved UI handling. CVE-2019-8682: Jeff Braswell (JeffBraswell.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of document loads. CVE-2019-8690: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of synchronous page loads. CVE-2019-8649: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative CVE-2019-8666: Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative CVE-2019-8671: Apple CVE-2019-8672: Samuel Groß of Google Project Zero CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8677: Jihui Lu of Tencent KeenLab CVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of Venustech CVE-2019-8679: Jihui Lu of Tencent KeenLab CVE-2019-8680: Jihui Lu of Tencent KeenLab CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8683: lokihardt of Google Project Zero CVE-2019-8684: lokihardt of Google Project Zero CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day Initiative CVE-2019-8687: Apple CVE-2019-8688: Insu Yun of SSLab at Georgia Tech CVE-2019-8689: lokihardt of Google Project Zero Additional recognition Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H8AxAA x7PkVYpHr8NsjIwvei5DcsiDtOTNCjfaFMpmfdwgCNvDOYj5L15F1QBDIrfUHkqi D+1H/oJNzLI7cD1/UqbFz5ZhnPoFtjASCnVvDBBfCfOtL3sYRYjbtUEKWFQOx7i2 BLwiUJIkg9pxdrU0Gw7dd8IgII9pK5zPwRgFfrHuNZrBnOkG6JPC9QX+PjP8RUC9 eRFuRzDYBk5UydpwkhWI3RxVg+BcZRh17TRc2gu3osAqPL8sE9FqXhUWQIMEmY78 gDkDEUKht002PLGiBP6LK3r9UXR5OEAu64nMJLBoXXMUX3GK77mN8mroEGJf48l3 C7wKrRg3j0T9N+EDNX/avl3n4r70ixhsGhKqJjqJMBEAhrBfQ/8aMFb0FdrdC3f8 GAxm57MetIE65YzbWmTZoUX0CS9MmKIj9JJMFqcxyP2jNibLbouzAH08N7eTktF/ fsLYrisu3srFalLFr22la4fwaLPYKMZ8huBONGttLhvFs+jYjFZCyzEXCXjyXuZi UjJ90aLnlqHKOQfeu865GAumDP5+9jVRDOpBTMFmR5pj86UCZttTDqMGmW2/EpQ/ LeOyNUGJlq5Lc35/R37YILE6FIjKcfwl3CDUsok1f8RUag5AtcU6s3LlNdzJ+szu 9SsbxcGzn+NbcDU4i53OHyNNkcECGdn86Y+MBPXYrek= =Eo2f -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"
var-200701-0516	Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. A vulnerability in the way Apple Mac OS X handles corrupted Universal Mach-O Binaries may result in execution of arbitrary code or denial of service. Apple iChat is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. The vulnerability exists due to an error in the "fpathconf()" syscall when it is called with an unsupported file type and can be exploited to cause a system panic. The vulnerability is confirmed in version 10.4.8. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Initially discovered in FreeBSD and reported in Mac OS X by Ilja Van Sprundel. ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-09-11-2006.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
var-202011-0444	Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Google Chrome is a web browser developed by Google (Google). Chrome has security holes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212011. AMD Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27914: Yu Wang of Didi Research America CVE-2020-27915: Yu Wang of Didi Research America App Store Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab AppleGraphicsControl Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A validation issue was addressed with improved logic. CVE-2020-27941: shrek_wzw AppleMobileFileIntegrity Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2020-29621: Wojciech Reguła (@_r3ggi) of SecuRing Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab Bluetooth Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: Multiple integer overflows were addressed with improved input validation. CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab CoreAudio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab CoreAudio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab CoreText Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27922: Mickey Jin of Trend Micro FontParser Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-27946: Mateusz Jurczyk of Google Project Zero FontParser Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit) FontParser Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro FontParser Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative FontParser Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27931: Apple CVE-2020-27943: Mateusz Jurczyk of Google Project Zero CVE-2020-27944: Mateusz Jurczyk of Google Project Zero Foundation Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins Graphics Drivers Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Graphics Drivers Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative HomeKit Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An attacker in a privileged network position may be able to unexpectedly alter application state Description: This issue was addressed with improved setting propagation. CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology Image Processing Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27924: Lei Sun CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29611: Ivan Fratric of Google Project Zero ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to heap corruption Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab CVE-2020-27923: Lei Sun Intel Graphics Driver Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Intel Graphics Driver Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03) Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2020-9967: Alex Plaskett (@alexjplaskett) Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9975: Tielei Wang of Pangu Lab Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2020-27921: Linus Henze (pinauten.de) Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab Kernel Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to elevate privileges Description: This issue was addressed with improved entitlements. CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security libxml2 Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz libxml2 Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27920: found by OSS-Fuzz libxml2 Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27926: found by OSS-Fuzz libxpc Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to break out of its sandbox Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Logging Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03) Model I/O Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos Model I/O Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos NSRemoteView Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions. CVE-2020-27901: Thijs Alkemade of Computest Research Division Power Management Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative Quick Look Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted document may lead to a cross site scripting attack Description: An access issue was addressed with improved access restrictions. CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Ruby Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to modify the file system Description: A path handling issue was addressed with improved validation. CVE-2020-27896: an anonymous researcher System Preferences Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2020-10009: Thijs Alkemade of Computest Research Division WebRTC Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-15969: an anonymous researcher Wi-Fi Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An attacker may be able to bypass Managed Frame Protection Description: A denial of service issue was addressed with improved state handling. CVE-2020-27898: Stephan Marais of University of Johannesburg Installation note: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBj8ACgkQZcsbuWJ6 jjCVjw//QGrhMvU+nyuS1UwWs7rcqDJDNh0Zb7yUJali2Bdc9/l++i2pLFbmAwes 7AYCag+T3h3aP7YJAN13zb8KBmUcmnWkWupfx8kEGqHxSXnQTXvaEI59RyCobOCj OVPtboPMH1d94+6dABMp9kiLAHoZezm3hdF8ShT2Hqgq2TB16wZsa/EvhJVSaduA 7RttG6EHBTin6UU3M/+vcfJWqkg4O0YuZpQaconDa5Pd81jpUMeduzfRvS5i+PVS cehtHPWjCN15+sQ29q11yhP3v+sYh0DJEl2LWaBnDo2TlC1gHx70H5ZsAFLHChcd rXkl1tm6GV3UWVhFq0jQc1DP+IwbuL6jHI/wIjYx7itk9XECppyhhiuImOaLiIUH CBgAjwVHY1GUdTH97iPEQFF61v3sjpRLleLMZW7+9ZTt4pEDwMVHk9vKgVK5BUa6 lrKWtBHL3AtaXtxC9y8XGe3IYEBLAszHMUJfF1BR+D/niDRlztvoj72/3PPwtk2t tuUE9RGzpSXCQ1CX6vW7zS2ddVmQfJqcPX721k4OVpFNlMXkjZkm2Q/xwr5qq99v Up9BA+ITksthGYfGAY5bBV1LsjK1NtdNHQGpZe4l9bu4ONgUvmL8iBb/LnS6wKB1 HGcdHEmXvbx+Akl/fvTdG8RSvyoYuFJHkuYv0DMWiri8yN1q+C4= =osnP -----END PGP SIGNATURE----- . 8.1) - aarch64, ppc64le, s390x, x86_64 3. 8) - aarch64, ppc64le, x86_64 3. Summary: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 86.0.4240.75. Security Fix(es): * chromium-browser: Use after free in payments (CVE-2020-15967) * chromium-browser: Use after free in Blink (CVE-2020-15968) * chromium-browser: Use after free in WebRTC (CVE-2020-15969) * chromium-browser: Use after free in NFC (CVE-2020-15970) * chromium-browser: Use after free in printing (CVE-2020-15971) * chromium-browser: Use after free in audio (CVE-2020-15972) * chromium-browser: Use after free in autofill (CVE-2020-15990) * chromium-browser: Use after free in password manager (CVE-2020-15991) * chromium-browser: Inappropriate implementation in networking (CVE-2020-6557) * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-15973) * chromium-browser: Integer overflow in Blink (CVE-2020-15974) * chromium-browser: Integer overflow in SwiftShader (CVE-2020-15975) * chromium-browser: Use after free in WebXR (CVE-2020-15976) * chromium-browser: Insufficient data validation in dialogs (CVE-2020-15977) * chromium-browser: Insufficient data validation in navigation (CVE-2020-15978) * chromium-browser: Inappropriate implementation in V8 (CVE-2020-15979) * chromium-browser: Insufficient policy enforcement in Intents (CVE-2020-15980) * chromium-browser: Out of bounds read in audio (CVE-2020-15981) * chromium-browser: Side-channel information leakage in cache (CVE-2020-15982) * chromium-browser: Insufficient data validation in webUI (CVE-2020-15983) * chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2020-15984) * chromium-browser: Inappropriate implementation in Blink (CVE-2020-15985) * chromium-browser: Integer overflow in media (CVE-2020-15986) * chromium-browser: Use after free in WebRTC (CVE-2020-15987) * chromium-browser: Insufficient policy enforcement in networking (CVE-2020-15992) * chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-15988) * chromium-browser: Uninitialized use in PDFium (CVE-2020-15989) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1885883 - CVE-2020-15967 chromium-browser: Use after free in payments 1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink 1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC 1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC 1885887 - CVE-2020-15971 chromium-browser: Use after free in printing 1885888 - CVE-2020-15972 chromium-browser: Use after free in audio 1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill 1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager 1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions 1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink 1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader 1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR 1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking 1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs 1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation 1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8 1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents 1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio 1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache 1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI 1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox 1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink 1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media 1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC 1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking 1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads 1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm i686: chromium-browser-86.0.4240.75-1.el6_10.i686.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm x86_64: chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6557 https://access.redhat.com/security/cve/CVE-2020-15967 https://access.redhat.com/security/cve/CVE-2020-15968 https://access.redhat.com/security/cve/CVE-2020-15969 https://access.redhat.com/security/cve/CVE-2020-15970 https://access.redhat.com/security/cve/CVE-2020-15971 https://access.redhat.com/security/cve/CVE-2020-15972 https://access.redhat.com/security/cve/CVE-2020-15973 https://access.redhat.com/security/cve/CVE-2020-15974 https://access.redhat.com/security/cve/CVE-2020-15975 https://access.redhat.com/security/cve/CVE-2020-15976 https://access.redhat.com/security/cve/CVE-2020-15977 https://access.redhat.com/security/cve/CVE-2020-15978 https://access.redhat.com/security/cve/CVE-2020-15979 https://access.redhat.com/security/cve/CVE-2020-15980 https://access.redhat.com/security/cve/CVE-2020-15981 https://access.redhat.com/security/cve/CVE-2020-15982 https://access.redhat.com/security/cve/CVE-2020-15983 https://access.redhat.com/security/cve/CVE-2020-15984 https://access.redhat.com/security/cve/CVE-2020-15985 https://access.redhat.com/security/cve/CVE-2020-15986 https://access.redhat.com/security/cve/CVE-2020-15987 https://access.redhat.com/security/cve/CVE-2020-15988 https://access.redhat.com/security/cve/CVE-2020-15989 https://access.redhat.com/security/cve/CVE-2020-15990 https://access.redhat.com/security/cve/CVE-2020-15991 https://access.redhat.com/security/cve/CVE-2020-15992 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX4VjutzjgjWX9erEAQiBog/8D4EAnQmD6yqmkt9gVgCzoz1v/uOgnTHv lghXbEidNiTmb8DlvwZKbqA/2wz/kz+vW5v0bXZNjngYnbZsev252qT9L2LQ99UA +uirPF/zddn+T0tZ5PQHWBYpWgjF8XRQu7lJo7QHbB7GEMXJJ4SBN3erYqOjKKUo 3DakSX4DH1VIrSY+6kJ6fx26IwD7tWSBlsRklatxX1NkhrBg0Ha7lWjHhRV6WLjz CZFxwFNJJ6bGsf8eIaaps8Ab21m87BbwOyGt2aaFT9sC5noR4mTTjBGB4lmbslB3 Vcl7PSxqs/AzDK6fAqLOJ7nqZJpiQq9ii5Z3oBbiG3J8BO6sgY7cG+D2bVWD+3eV 9L13REiW/iPXqGbpgPre8WhAwg3wdNYDiaYO6pIC7N1a/btxIdq5Gjb31dWiFdyq XOtdEO9CieZGYNEoKf+wfe03SXCEvJz0EZZVwcFhqd8cF8xhUa2MNjpKDHryUjXg 8rJGA+5uS/UJHwToK++Q4+0Ze/jIxSuKRA7h9UhdACksgeMmFUdyfuLVfx1RdgEX TRtO8kHaGBHz60SY4Kd6xkZks1+FqotFF2zvs4gq8XvPFbHvPgt36qbtxOHYj1BF pl+WqaRsDOp6VmbMLAEJwZnRsR0dNN62MCgxB5sNRb5l7sSYOqYClV2zR47cEgFJ ObQiF6iTAHk=AItV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) * chromium-browser: Use after free in WebRTC (CVE-2020-15969) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC 1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 6. For the stable distribution (buster), these problems have been fixed in version 78.4.0esr-1~deb10u2. We recommend that you upgrade your firefox-esr packages
var-200907-0693	The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). The Apache 'mod_deflate' module is prone to a denial-of-service vulnerability. Successful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services. Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <securitymandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02579879 Version: 1 HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-12-07 Last Updated: 2010-12-06 ------------------------------------------------------------------------------ Potential Security Impact: Local information disclosure, increase of privilege, remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). References: CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918 SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to v2.0.63.01 Note: HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX Web Server Suite v.2.32 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1956 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2009-1955 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2009-1890 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1195 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2009-0023 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v.2.32 contains HP-UX Apache-based Web Server v2.0.63.01 Web Server Suite Version / Apache Depot name HP-UX Web Server Suite v.2.32 HP-UX 11i PA-RISC with IPv6 HP-UX 11i version 2 PA-RISC/IPF 64-bit HP-UX 11i version 2 PA-RISC/IPF 32-bit HP-UX 11i version 3 PA-RISC/IPF 64-bit HP-UX 11i version 3 PA-RISC/IPF 32-bit MANUAL ACTIONS: Yes - Update Install Apache-based Web Server v2.0.63.01 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v2.32 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.31 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 7 December 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkz+xL4ACgkQ4B86/C0qfVmhiwCg8wrmupoKQCwiB89Wb3dQtBUe o2EAoOcrw8fBt6Tx5ep61P+YjJaHV+ZU =fFig -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. =========================================================== Ubuntu Security Notice USN-802-1 July 13, 2009 apache2 vulnerabilities CVE-2009-1890, CVE-2009-1891 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.6 apache2-mpm-perchild 2.0.55-4ubuntu2.6 apache2-mpm-prefork 2.0.55-4ubuntu2.6 apache2-mpm-worker 2.0.55-4ubuntu2.6 libapr0 2.0.55-4ubuntu2.6 Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.10 apache2-mpm-perchild 2.2.8-1ubuntu0.10 apache2-mpm-prefork 2.2.8-1ubuntu0.10 apache2-mpm-worker 2.2.8-1ubuntu0.10 apache2.2-common 2.2.8-1ubuntu0.10 Ubuntu 8.10: apache2-mpm-event 2.2.9-7ubuntu3.2 apache2-mpm-prefork 2.2.9-7ubuntu3.2 apache2-mpm-worker 2.2.9-7ubuntu3.2 apache2.2-common 2.2.9-7ubuntu3.2 Ubuntu 9.04: apache2-mpm-event 2.2.11-2ubuntu2.2 apache2-mpm-prefork 2.2.11-2ubuntu2.2 apache2-mpm-worker 2.2.11-2ubuntu2.2 apache2.2-common 2.2.11-2ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. (CVE-2009-1891) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.diff.gz Size/MD5: 125440 0835eafec701c6f327e82270dca754a1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.dsc Size/MD5: 1156 13cf43efabdc8e2180ade01709ff4063 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.6_all.deb Size/MD5: 2125302 f97b87210dc35e7cf1b4014d755f5cc2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 833688 123cb5995bd422cf218db15691284ed2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 228978 33ea13f64f33acb69b73ad4c2fdfd9ff http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 223958 e94df0f2fdcf8d0bf9e95d5149c58f73 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 228556 4e0c0d0ff7fc315c30250fb3d828cdfd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 172066 1f4106b81cc09f4bd78e066aef94201b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 172850 3b433ffaca5e5e36f7ebc2881fd7f1a5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 94914 b872cbff9cda76856337a278dba5a9ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 36956 f628faa804ed2c2b5525952fbd94d5ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 286398 3ebb11712b0466f2c3d0b5243d1a0339 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_amd64.deb Size/MD5: 144970 a8e8615104349a395c695915079eab69 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 786908 1c3f456b2c87dcf5fd21c9e783f4d06d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 203576 772d6129a7ef92cf5887c25466fda11b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 199470 315e863b2ad6aa1b669e7914cebc38a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 203002 573f96a5d3787106c8d6007d8afb88f6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 172066 57fcc673853907cc24c432ef8b0f8e94 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 172834 85320d327250cf86fd6c48813384bdc0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 92862 d774e289f718d119dad6e765fd900679 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 36958 9b8758253a277d81c02b1c9fd50b8eba http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 262426 668cbde23862b43743e935ca8ff24e8a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_i386.deb Size/MD5: 132884 f0bbccb2fc0f96b88b124c6942b9d957 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 859782 b3d991a69f5703d9e1339eafd0b5df17 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 220946 098441a8af78db25aea174320ffcd409 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 216552 a381af581b41112ac975fca40bec02e6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 220496 0d5ff99a81d4581edca2effaf04f1473 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 172052 84e4b88525b4ce0923c898264dbfea5a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 172850 159e27770e6f51e03f5284ea7f5ca190 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 104626 e320d5a9527e39d1998f7212db15825e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 36960 cdb428ea696ff7e0aaa972041839aef2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 281970 80f4c670c5c142303b7da95ec7f86b25 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_powerpc.deb Size/MD5: 142094 630a20d53c2ffe01b38c9c9e53badb37 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 804084 1025f38adde2a04a719393d5693dbd68 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 211136 73ae94138fb8b3e4dfbc1c9d5079a92c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 206806 431b7e7e3462e125d141ee9ec55a7825 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 210416 a2ce963e90818b3093d990f4632c4e8a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 172070 8335845d072dc411e8e670807dc7c604 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 172850 93e8d610d683005695699a153c40ce06 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 93966 87d7968cec960afde5f9996803ac8a8a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 36956 585634ecaa1af88b1d92ab48feed15f7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 268546 c2b2894973ed231bf0292100ca662ced http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_sparc.deb Size/MD5: 130872 f109c1fe224df9957a8837358365c750 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.diff.gz Size/MD5: 135972 a2c9442eec99007779a145e71ba68b30 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.dsc Size/MD5: 1381 54f6072ce246ebc26a350fb53e5c99bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.10_all.deb Size/MD5: 1928676 7231ea6584bc9b64c87d84a2fd7e5d00 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.10_all.deb Size/MD5: 72560 abbc80191e059fce87c599f947b3b402 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.10_all.deb Size/MD5: 6256206 e50391cd977f7df987c13e17bb163f8f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10_all.deb Size/MD5: 45482 a40b40465c3f99f1dd15f8bc85d24b23 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_amd64.deb Size/MD5: 252722 95177119382131308fb3dcf98507a15c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_amd64.deb Size/MD5: 248352 20792be8ccf5b73e46ec4ca3f8c0726b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_amd64.deb Size/MD5: 252114 3a45c61b120d53327f52b101da77fe8f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_amd64.deb Size/MD5: 205226 1cdb16ee59e67550d536fc1ca2bf7576 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_amd64.deb Size/MD5: 205994 93adabf4102d299fb420a764a8cbfe33 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_amd64.deb Size/MD5: 141320 11fbd8d338da9da4fb2cfa47411e23b4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_amd64.deb Size/MD5: 803332 f31a349c870550a044ac939c4876ead3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_i386.deb Size/MD5: 235638 840b0a0bd4399a9799da6f42df7ccbb4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_i386.deb Size/MD5: 231238 6a4d251375dc0f811f427ed3377ac0ab http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_i386.deb Size/MD5: 234880 354e2a88b0dbc19a10a5294879a507b1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_i386.deb Size/MD5: 205234 21900ec04423fb920197870e470b9aa7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_i386.deb Size/MD5: 206016 8796b13fb273f61c6c7c4bfb9adbe6aa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_i386.deb Size/MD5: 140294 ea6f40b6c12c27851a9f4f1e88aed544 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_i386.deb Size/MD5: 754978 2ba7c3f44c9a5ed197c932232dad4808 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_lpia.deb Size/MD5: 235176 6248fed01caabbfb4d70d0c13c7f17f5 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_lpia.deb Size/MD5: 230866 95f247897f3bd77ea304dfd6c9dfd85c http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_lpia.deb Size/MD5: 234344 987ff978cbacde11bc7353702973d125 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_lpia.deb Size/MD5: 205230 d7576f846491b2833c50f39cc1b0dc75 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_lpia.deb Size/MD5: 206002 0e1b63983e424122ed1d39826d76335c http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_lpia.deb Size/MD5: 140878 ce996c6cb3ec3552302869ae2256b20e http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_lpia.deb Size/MD5: 749176 d26c165846c36706ed1d7590a8be3f7b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_powerpc.deb Size/MD5: 253754 33add2865e4cd1c43a43895870454361 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_powerpc.deb Size/MD5: 249222 538a952111c80146dd1887b556f7116b http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_powerpc.deb Size/MD5: 253320 ad19124a89163a1f1d2212a3ac67a3fc http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_powerpc.deb Size/MD5: 205240 46728c8422948938f06a02677c2a5c77 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_powerpc.deb Size/MD5: 206016 05d6ac042561eb4ea302c90540c64528 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_powerpc.deb Size/MD5: 158034 051b060ed2dd44f5271401e4acc2b9b4 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_powerpc.deb Size/MD5: 905448 a839a4301bca447e91e58174aebad9be sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_sparc.deb Size/MD5: 237026 7f91acb658058ba572cfc7d223e9968c http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_sparc.deb Size/MD5: 232794 8af73b6967e695bfcbb900bf0423a366 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_sparc.deb Size/MD5: 236262 ca2efbd5beef24f97cc4e94f0d45e511 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_sparc.deb Size/MD5: 205236 11ce3c413997a7203a2b1ddf2c7b608c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_sparc.deb Size/MD5: 206016 0b11cbb82ae743d2300a5da249af99a7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_sparc.deb Size/MD5: 143500 00c0a815768281a1939510ecf16615bc http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_sparc.deb Size/MD5: 764418 f1356117d9a2825fc87cb91344704e03 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.diff.gz Size/MD5: 132027 05239552b7a95f91eef1d7606ef280c4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.dsc Size/MD5: 1788 423154f094b3f5629e698638d9505a01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.2_all.deb Size/MD5: 2041678 859eb46d09d45f53599d9d0a71f2fa89 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.2_all.deb Size/MD5: 6536854 e3572b1d683e4ee6967779dd07b637fd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2_all.deb Size/MD5: 45150 0ff7bf10b5bef6cf7258e6223f78736d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 254642 9f3bb3444753ace1ca55651c68924739 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 248846 00267b5ab16a55aed008578fbdb24bed http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 254018 81085b6d61faeb846e94b1a3bf8eb6a2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 208170 8e360619ff15112e636aaedc0340f1ee http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 84142 3eaf3d803d582d3eb6fb29a79251df69 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 82494 8f293a595f34d6710adb931d5dbcaf0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 209220 73d2d91d313b951f643bf413467c4e5a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 147398 8a772d1dfdb49bae605bd7dee3f9f436 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_amd64.deb Size/MD5: 819864 42aeca74c2ee5d0f5a5a4e10037ece11 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 240962 6427fbd76596cbe52029e6ed5a7da703 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 235678 5155e38f8137c85b9c229b4eafa144e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 240298 9f4f26b4d98d8707e15b6b7d02430e5e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 208190 f68c7d60a09d53af6a8c8640b05e4ad9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 83572 dd5d339c3e3af404aa3ffd0904ec6c7c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 81968 7c7775dc8c89c4f7aec5f8c8a5f26e60 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 209236 079855f2fdc6843758bcad41421a46ea http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 146240 0b7ff0f038c7c40d84a1f342a1bbefca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_i386.deb Size/MD5: 778084 226ed90dc2ba09af3a38dcc40b38d834 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 237982 7c7a5daf494862704d28d5c85d6c31cc http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 232612 96ea385cf513d314d8e84a4c442cc234 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 237230 4003bab7bbb427b1e9ec0e6d97c3e69b http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 208176 af28e327890eaddff4108231268eee6e http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 83530 4725b6872ac3ac9ad1ae62ba03592964 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 81950 adf39a429f5c04b6a5976c0b5ff30cd4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 209232 477e0f43b36e9961c13b6c0fab7a0dc1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 145928 6089cb1b3efa73128a00a237165076ea http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_lpia.deb Size/MD5: 766230 f876845ac3aae12ef2e0f36996531ef0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 261150 afc86ac304cdc5af1550d346a8f8a3f9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 255750 b301c6b3f3b4ae21e5ef5cb7ffb56683 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 260470 4c333c87af3a087faeec0da6a282295b http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 208184 94332d103f410b07c99d2f849e108ec6 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 84210 edb9eb638c12753a58a5d582ecaa60fa http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 82556 356606fd10fe199eda49ba3258de85e4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 209232 0691c4dd34cb05a93799caa9929104d4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 160676 43a1b64573dd41946dec05b7afeeccf8 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_powerpc.deb Size/MD5: 925826 7a95a689bc4e8a0462e9d8e43ac88f5d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 246372 db9d10ebc566f9f50210670fc8882819 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 240922 2b5b20a703e7f5d8fbc50fb1ee0b40f4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 245692 76832085d1b4ffd02948c9ac7b92b54e http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 208196 f6355dfafe95b8915593d514d6ec4cdc http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 83754 2aa37c091a042bd92eea616af4eaa13d http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 82126 dae25ab8ca9612b725ea89fb22cee433 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 209240 a93acaff6c5151aeddbbdeb335a1c8da http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 150576 43675606769e8ea6cbc172bbdf31ea09 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_sparc.deb Size/MD5: 783584 323183add2eaf6e1360c9eefcf0d5f8a Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.diff.gz Size/MD5: 135188 d64295fbf395fedc32558e37c89dd582 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.dsc Size/MD5: 1795 45bf7dad8a81012c187e219c6c863c9d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.2_all.deb Size/MD5: 2218918 e157363876dbb978176c6ba59dc01d61 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2_all.deb Size/MD5: 46278 58851aa10579254cdb4d9f89e8b597c5 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.2_all.deb Size/MD5: 6946286 067a7635b8627b031b9eb9cf0cc847bf amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 258646 7446874f9db13dea5da20f225024f477 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 252848 823147209be87ff9322c276a8e2beace http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 258024 6bfdbf469c0b0ba45e543bf7688ac5ee http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 212932 aeeb0ccb1f8e72a15aaf08450a056c1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 213906 8621b4d1d85ab19f154a86ec465fa316 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 150776 f7def056c536f9b1a329a3b6fef43b7f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 826672 e18163156730829c91161191ee00b340 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 87442 39f0e4aaf42e4bb049da17f26a0d9c25 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_amd64.deb Size/MD5: 85730 a11a39f7102937e5d00b03190ff42a60 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 245132 c7202ff8f066903e207ebff93557644a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 239670 18279b3faf8344f9e7f903862114c998 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 244518 c24b66a4a61c2af8edf32b10867cf958 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 212922 a009d9ba9486ba53a3441ca2a48bc9d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 213898 6e26de281d137dfab7dbc700ca1f7eb5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 149678 d4499d622b98d7a9ed3a1b700f954e95 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 783924 45fbb8ab4bfa3297b0e04231677f86a1 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 86818 9d01aae1849d4ccc93c64e7640912b64 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_i386.deb Size/MD5: 85222 0a3f70a6697f945a1acec0629edd8586 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 242014 0b9676d42353eae308b923ac2c2172d7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 236570 d42595dd3d5229a7db2f4a6b3047a372 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 241440 3cfa67183c677cc44fc9f0354231978b http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 212924 83433f6847c191927c8bb5234339416a http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 213902 4be2d9e80eabaea30169e3fa39ebe3d8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 149396 20350717c1cebdf372f0d11d09374852 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 773130 cbed31d2962a5e0c77a400434f9b7ff4 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 86764 6a9b7a0a9015044fff19ff9bf479fbc3 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_lpia.deb Size/MD5: 85188 2d685381871858d3c685da5a2b44f0f7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 265094 41f064e2daa4ddaf422bcd5013163c11 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 260042 f60b2311f40da9c254fc7583a6a4215a http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 264720 80ba36d44ae08be1f5593b9d60c873e9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 212934 a35fed013193cf2d0c021baaac793a13 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 213912 d6f400db5f98bb345b063b5a191735fc http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 164086 36c7ab8da76606f2a1fa12328cd35123 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 932026 9a66083f7211f75a083c20a94efebf12 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 87516 8a913c9fd0b3f6e7c71cfb6ce6345702 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_powerpc.deb Size/MD5: 85794 c74337f58c4bad32e2ca1349a182696a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 250414 dd2f00b98a1089c03950010ee4feacdc http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 244704 9748c6a30dd03d7a94b7ee0e5cbbf37c http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 249756 68a0607bb1d915a1da034f3ecda6e492 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 212924 03ceb43c9e4494db9ce8e2375edadd5b http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 213900 c17c6bdc630a6229922c969f94988c32 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 153928 0109fff49b9f806f9de07f2fbac15945 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 788928 11998be7f1d0a6f1952646df23936645 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 87010 a87263816f682082b234a7b3421b3729 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_sparc.deb Size/MD5: 85318 a17451cf2fa5597b4bb6abb2145f2a55 . Using mod_deflate together with mod_php could cause segfaults when a client aborts a connection. This update corrects this flaw. For reference the original advisory text is below. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch". This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed. (CVE-2009-1891) The oldstable distribution (etch), this problem has been fixed in version 2.2.3-4+etch10. The other distributions stable (lenny), testing (squeeze) and unstable (sid) were not affected by the regression. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated packages for apache2-mpm-itk for the s390 architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 (2.2.3-4+etch10), apache2-mpm-itk (2.2.3-01-2+etch4) package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10.diff.gz Size/MD5 checksum: 127383 f93c44605a130b89c93b967c6e6bb32f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz Size/MD5 checksum: 29071 63daaf8812777aacfd5a31ead4ff0061 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4.diff.gz Size/MD5 checksum: 12732 f46b409815f523fb15fc2b013bece3b2 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10.dsc Size/MD5 checksum: 1070 4baefcb4c6ec1f2d146f1387a5240026 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4.dsc Size/MD5 checksum: 676 b385d6a3a328371323c79c7906deb5bf http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch10_all.deb Size/MD5 checksum: 6673900 95cf69a8148a93569f183e417753226d http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10_all.deb Size/MD5 checksum: 41480 dc99f23beb96a0a743d3d61d6c8d941d http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch10_all.deb Size/MD5 checksum: 2243464 1239e372d92afb5551cfa6018e509797 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch10_all.deb Size/MD5 checksum: 274332 5ac8887f0d4b5e46a2d6461a1c75234d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 345878 09b90c946e6bfab4df70096345b73753 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 445144 c578da017ebba196a95e148b22f45e0f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 409542 7a2897d2effa66ce0e8125e81c12d98e http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 410448 f6b3abb4d3f7e58f5439969bacdcd693 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_alpha.deb Size/MD5 checksum: 185014 699e45fb31514a058a69fb6c6e7bc7ae http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 1043540 f438e482259956a7e0f110dc28ac868a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 449444 f0b040f783a19ea83aa7fc195dfd5b95 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 450050 9fe6f4b3f9006c9932161272a78c6fdf amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 999344 76762c4b207fc51a41ba2352a830de5b http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 408140 8c7838b3bdb58da06e2d1b38ac108c5d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 436052 ee0c8c2b7f68310c638797ddb17e63d4 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_amd64.deb Size/MD5 checksum: 172670 95a2ae134db345fa0d511c8195c975da http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 436550 93036fabc3c61c162386e8d60be0b748 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 432066 a9135049fd176e5110c8835d735ac37c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 341944 b95dffeda21dd8e9e57f95d7dcf2c6db http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 408854 e57b29deda62fd0a7166058c9714a4af arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 421544 318e056fc1eba12581f8cd68a58a2efe http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 420848 855526f42acaf33e10f39156c0ef86a7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 967868 1d5b37c9e9b43447c09d859f48e3db08 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 416808 98bf5d67c2c5c1a0bcdaf5dd0e4a84b4 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 346016 b8ebca72754f2a5c060fd0707dae0b48 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_arm.deb Size/MD5 checksum: 157494 0699661a334ce691bee31bda2b5aea13 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 407924 169a45721a2a2348b9d4fd9ca4018638 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 408736 3e3285544b775977559a7b5a667e9467 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 439794 ae3ee116b4f6734d19e2608c986f20a7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 410668 0332975eef0ca8914493434c81a3b57c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 351926 aba7da336587d20e3472c42399a60cbb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 443764 94b899d6e77c0a1138a1adca32e964d4 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 409798 87358d3a8d78ae38b43147ffc005dbea http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 1078344 5c5df848f29a6b94edd74aaa1938339d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 443176 a3418d816ee5814bf8e4e1782ebf1a13 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_hppa.deb Size/MD5 checksum: 179290 76bada2a7c0b4ce41781da02bc1d6854 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 424296 1ac7e4c1b706756a3c68373994eee40d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_i386.deb Size/MD5 checksum: 160986 f072fe639f1ecfd54c308854f2bf835e http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 342538 0cde1185cf0ad60b108a1495920279bb http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 410152 fff23ec5be34b4bb737b82193027d1f5 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 409140 41ab1d141fc82da6ae31151cc4fbf9cd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 419960 ad49cd170aa024b5675824bc7ad7f5a9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 423772 7d65eb2f244037796be8a002b2c5a8aa http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 962518 0c15eacb1a69d8a4c1fe8b51357355ca ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 360442 5390c02c0408fd09da0c80dcbe64213f http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 407446 c36f9d80cd0797b87350bf6143e9ee73 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 490906 9a344d49dc0ec7520d0f643fc3146aa6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 497976 7317cb12cb6221de213560ded3b70d23 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 1204042 68ebaec425c18cccc50de59cf02a4299 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 497164 f9b49290d914a08bde04dfbb7fe8e08c http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 406794 fc9a49dd15f1b4ff329eaa1c34a42010 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_ia64.deb Size/MD5 checksum: 231680 3c7bef395cd12838a2558a283de92b36 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 407450 0b4e8f985961199ab4544d7473c97fb8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 429886 8187f9ba100e7c0888e380d550fc0a9f http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 349856 0af264b2e9786b205f41bd98178bd57c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_mips.deb Size/MD5 checksum: 170252 1231b6309bcf7bdf0e0da6056b5f476a http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 951382 10a60cd2f5b966e57b978e02c55d579b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 433908 da8b85f735da139c1f1c7518d3ddf044 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 434564 e0ef1472f70fe37b0ba922c56100f934 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 406790 d8805ca4ccb44dd6df20a99f75fcae56 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 433410 03caef7359294827ca37daf9e12eca88 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 406794 2eb44e4936c0d66460f128bacc64d6a2 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_mipsel.deb Size/MD5 checksum: 168612 d9bf709f9c8e6c3bd1a0b610e2c14997 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 350096 e9171305fd5073da24561a594a0e7ce7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 407444 afd60533d6769b415ed72160009599f0 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 428732 694d06725c3f3069c5474a1eba8bc5d8 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 951118 40581cf551d7e6ef3daff28b15d27b43 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 434082 4e6d114481480983ebe412e59f3144a1 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 409238 ee52afe172a6adff0fb2189527feb1ab http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_powerpc.deb Size/MD5 checksum: 167606 5c94bb438e858477696f14f9e8c4ddd6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 354700 91bec57127d987f81063f403eb135aed http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 428560 d4e4f84b31105d642438a98d1cd77115 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 433126 8eebf2551b490b17446d3d32d0260387 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 432548 dbe2d1e2911315057ca5abde7ed6cbb8 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 409992 9371af946dc7a6f4155dc3003de1177b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 1060574 b7fec9b18fd7df2cf136ca125c12e4b6 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 437110 aa86e0b23b46beeaaa5438336fe04552 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 406788 d5e931d2fdf36c7fb983e7e1f710653c http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 407450 932daa00b0a6d967b1af613ea0930034 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 348416 70b8e219b4c86095065b11875ec83b01 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 993986 0dd64eb40ee4a89fd3fbff4d1997d30e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 442014 ccb9c5a6ca257e10305cd3772b1d83ff http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 443016 4b986bfae8d89f66e8482632d528a449 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 422172 ffb5cc475c8c9773b588afee5cf2e516 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 959208 3122892629c49a09287803c4f0298281 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 409556 a32ab93bcc5458fa0a6d98634075c6e6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 422568 8e9b179b70d757b411e76e5b7005ba6e http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_sparc.deb Size/MD5 checksum: 157826 bdc36b078bd4f6cb2a5ed6ea7714a74c http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 408632 a834c57ec1d4022e335f7438038ae042 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 343696 db40b0d4b164b8490009aa110621db9c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 418790 6e51c4c6412d868e5e55808fd4f6865a These files will probably be moved into the stable distribution on its next update
var-201912-0552	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.2; tvOS prior to 12.2; Safari prior to 12.1; Windows-based iTunes prior to 12.9.4; watchOS prior to 5.2; Windows-based iCloud prior to 7.11. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3902). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-27-1 watchOS 5.2 watchOS 5.2 is now available and addresses the following: CFString Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. CVE-2019-8552: Mohamed Ghannam (@_simo36) Contacts Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher CoreCrypto Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher file Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher Foundation Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero GeoServices Available for: Apple Watch Series 1 and later Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher iAP Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team Kernel Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero Kernel Available for: Apple Watch Series 1 and later Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Messages Available for: Apple Watch Series 1 and later Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang Passcode Available for: Apple Watch Series 1 and later Impact: A partially entered passcode may not clear when the device goes to sleep Description: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. CVE-2019-8548: Tobias Sachs Power Management Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) Privacy Available for: Apple Watch Series 1 and later Impact: A malicious app may be able to track users between installs Description: A privacy issue existed in motion sensor calibration. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the University of Cambridge, Ian Sheret of Polymath Insight Limited Siri Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest TrueTypeScaler Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8518: Samuel Groß of Google Project Zero CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team Additional recognition Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". ========================================================================== Ubuntu Security Notice USN-3948-1 April 16, 2019 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in WebKitGTK+. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libjavascriptcoregtk-4.0-18 2.24.1-0ubuntu0.18.10.2 libwebkit2gtk-4.0-37 2.24.1-0ubuntu0.18.10.2 Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.24.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.24.1-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201909-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: September 06, 2019 Bugs: #683234, #686216, #693122 ID: 201909-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.24.4 >= 2.24.4 Description =========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4" References ========== [ 1 ] CVE-2019-11070 https://nvd.nist.gov/vuln/detail/CVE-2019-11070 [ 2 ] CVE-2019-6201 https://nvd.nist.gov/vuln/detail/CVE-2019-6201 [ 3 ] CVE-2019-6251 https://nvd.nist.gov/vuln/detail/CVE-2019-6251 [ 4 ] CVE-2019-7285 https://nvd.nist.gov/vuln/detail/CVE-2019-7285 [ 5 ] CVE-2019-7292 https://nvd.nist.gov/vuln/detail/CVE-2019-7292 [ 6 ] CVE-2019-8503 https://nvd.nist.gov/vuln/detail/CVE-2019-8503 [ 7 ] CVE-2019-8506 https://nvd.nist.gov/vuln/detail/CVE-2019-8506 [ 8 ] CVE-2019-8515 https://nvd.nist.gov/vuln/detail/CVE-2019-8515 [ 9 ] CVE-2019-8518 https://nvd.nist.gov/vuln/detail/CVE-2019-8518 [ 10 ] CVE-2019-8523 https://nvd.nist.gov/vuln/detail/CVE-2019-8523 [ 11 ] CVE-2019-8524 https://nvd.nist.gov/vuln/detail/CVE-2019-8524 [ 12 ] CVE-2019-8535 https://nvd.nist.gov/vuln/detail/CVE-2019-8535 [ 13 ] CVE-2019-8536 https://nvd.nist.gov/vuln/detail/CVE-2019-8536 [ 14 ] CVE-2019-8544 https://nvd.nist.gov/vuln/detail/CVE-2019-8544 [ 15 ] CVE-2019-8551 https://nvd.nist.gov/vuln/detail/CVE-2019-8551 [ 16 ] CVE-2019-8558 https://nvd.nist.gov/vuln/detail/CVE-2019-8558 [ 17 ] CVE-2019-8559 https://nvd.nist.gov/vuln/detail/CVE-2019-8559 [ 18 ] CVE-2019-8563 https://nvd.nist.gov/vuln/detail/CVE-2019-8563 [ 19 ] CVE-2019-8595 https://nvd.nist.gov/vuln/detail/CVE-2019-8595 [ 20 ] CVE-2019-8607 https://nvd.nist.gov/vuln/detail/CVE-2019-8607 [ 21 ] CVE-2019-8615 https://nvd.nist.gov/vuln/detail/CVE-2019-8615 [ 22 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 23 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 24 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 25 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 26 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 27 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 28 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 29 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 30 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 31 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 32 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 33 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 34 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 35 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 36 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 37 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 38 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 39 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 40 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 41 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 42 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 43 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 44 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 45 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 46 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 47 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 48 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 49 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 50 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 51 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 52 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 53 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 54 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 55 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 56 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 57 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 58 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 59 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 60 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 61 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 62 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 63 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 64 ] WSA-2019-0002 https://webkitgtk.org/security/WSA-2019-0002.html [ 65 ] WSA-2019-0004 https://webkitgtk.org/security/WSA-2019-0004.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201909-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance. Installation note: Safari 12.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002 ------------------------------------------------------------------------ Date reported : April 10, 2019 Advisory ID : WSA-2019-0002 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0002.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0002.html CVE identifiers : CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-6201 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to dwfault working with ADLab of Venustech. CVE-2019-6251 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Dhiraj. CVE-2019-7285 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to dwfault working at ADLab of Venustech. CVE-2019-7292 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team. CVE-2019-8503 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to Linus S\xe4rud of Detectify. CVE-2019-8506 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8515 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to James Lee, @Windowsrcer. A cross-origin issue existed with the fetch API. CVE-2019-8518 Versions affected: WebKitGTK before 2.22.7 and WPE WebKit before 2.22.5. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8523 Versions affected: WebKitGTK before 2.22.7 and WPE WebKit before 2.22.5. Credit to Apple. CVE-2019-8524 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8535 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Zhiyang Zeng, @Wester, of Tencent Blade Team. CVE-2019-8536 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Apple. CVE-2019-8544 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to an anonymous researcher. CVE-2019-8551 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Ryan Pickren, ryanpickren.com. CVE-2019-8558 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8559 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Apple. CVE-2019-8563 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Apple. CVE-2019-11070 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Igalia. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, April 10, 2019
var-201912-0592	An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. plural Apple The product contains an input validation vulnerability due to a flaw in memory handling.You may be able to elevate privileges through the application. SQLite is prone to the following security vulnerabilities. 1. Multiple privilege-escalation vulnerabilities 2. A memory corruption vulnerability 3. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----
var-201203-0192	Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Denial of service operations through crafted documents by third parties (DoS) May be affected or unknown in detail. Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Google Chrome versions prior to 17.0.963.65 are vulnerable. Google Chrome is a web browser developed by Google (Google). This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. CVE-ID CVE-2012-3689 : David Bloom of Cue WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Dragging and dropping selected text on a web page may cause files from the user's system to be sent to a remote server Description: An access control issue existed in the handling of drag and drop events. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: An attacker may be able to escape the sandbox and access any file the current user has access to Description: An access control issue existed in the handling of file URLs. An attacker who gains arbitrary code execution in a Safari WebProcess may be able to bypass the sandbox and access any file that the user running Safari has access to. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: March 25, 2012 Bugs: #406975, #407465, #407755, #409251 ID: 201203-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.83 >= 17.0.963.83 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction. A remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.83" References ========== [ 1 ] CVE-2011-3031 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3031 [ 2 ] CVE-2011-3032 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3032 [ 3 ] CVE-2011-3033 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3033 [ 4 ] CVE-2011-3034 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3034 [ 5 ] CVE-2011-3035 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3035 [ 6 ] CVE-2011-3036 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3036 [ 7 ] CVE-2011-3037 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3037 [ 8 ] CVE-2011-3038 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3038 [ 9 ] CVE-2011-3039 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3039 [ 10 ] CVE-2011-3040 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3040 [ 11 ] CVE-2011-3041 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3041 [ 12 ] CVE-2011-3042 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3042 [ 13 ] CVE-2011-3043 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3043 [ 14 ] CVE-2011-3044 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3044 [ 15 ] CVE-2011-3046 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046 [ 16 ] CVE-2011-3047 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047 [ 17 ] CVE-2011-3049 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3049 [ 18 ] CVE-2011-3050 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3050 [ 19 ] CVE-2011-3051 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3051 [ 20 ] CVE-2011-3052 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3052 [ 21 ] CVE-2011-3053 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3053 [ 22 ] CVE-2011-3054 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3054 [ 23 ] CVE-2011-3055 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3055 [ 24 ] CVE-2011-3056 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3056 [ 25 ] CVE-2011-3057 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057 [ 26 ] Release Notes 17.0.963.65 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.htm= l [ 27 ] Release Notes 17.0.963.78 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-up= date.html [ 28 ] Release Notes 17.0.963.79 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.= html [ 29 ] Release Notes 17.0.963.83 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201203-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc. ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 CVE-2011-3328 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599 IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user's files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents. CVE-ID CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies OpenGL Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3735 : Chris Lawrence DBB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3736 : Ian Vitek of 2Secure AB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: All photos may be accessible at the lock screen Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issues was addressed by explicitly keeping track of the photos that were taken while the device was locked. CVE-ID CVE-2012-3737 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may perform FaceTime calls Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen. CVE-ID CVE-2012-3738 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ) Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3740 : Ian Vitek of 2Secure AB Restrictions Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may be able to make purchases without entering Apple ID credentials Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2012-3741 : Kevin Makens of Redwood High School Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Websites may use characters with an appearance similar to the lock icon in their titles Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have lead the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles. CVE-ID CVE-2012-3742 : Boku Kihara of Lepidum Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle System Logs Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Sandboxed apps may obtain system log content Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory. CVE-ID CVE-2012-3743 Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may appear to have been sent by an arbitrary user Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address. CVE-ID CVE-2012-3744 : pod2g Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may disrupt cellular connectivity Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3745 : pod2g UIKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection. CVE-ID CVE-2012-3746 : Ben Smith of Box WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look- alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "6.0". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo 3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5 TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0 8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9 n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP XtT4lS60xKz63YSg79dd =LvMt -----END PGP SIGNATURE-----

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
jvndb-2023-000009	EasyMail vulnerable to cross-site scripting	2023-01-24T16:00+09:00	2023-01-24T16:00+09:00
jvndb-2023-001108	Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections	2023-01-24T13:38+09:00	2023-01-24T13:38+09:00
jvndb-2023-001008	File and Directory Permissions Vulnerability in Hitachi Tuning Manager	2023-01-18T13:51+09:00	2023-01-18T13:51+09:00
jvndb-2023-000007	WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal	2023-01-17T14:17+09:00	2023-01-17T14:17+09:00
jvndb-2023-001005	Active debug code vulnerability in OMRON CP1L-EL20DR-D	2023-01-12T15:53+09:00	2023-01-12T15:53+09:00
jvndb-2023-001003	Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH	2023-01-12T15:06+09:00	2023-01-12T15:06+09:00
jvndb-2023-000006	Multiple vulnerabilities in PIXELA PIX-RT100	2023-01-12T14:50+09:00	2023-01-12T14:50+09:00
jvndb-2023-001002	OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal	2023-01-11T17:07+09:00	2023-01-11T17:07+09:00
jvndb-2022-002779	Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)	2022-12-16T13:29+09:00	2023-01-11T16:55+09:00
jvndb-2023-000005	Multiple vulnerabilities in MAHO-PBX NetDevancer series	2023-01-11T16:11+09:00	2023-01-11T16:11+09:00
jvndb-2023-000003	TP-Link SG105PE vulnerable to authentication bypass	2023-01-11T15:04+09:00	2023-01-11T15:04+09:00
jvndb-2023-000004	pgAdmin 4 vulnerable to open redirect	2023-01-11T14:23+09:00	2023-01-11T14:23+09:00
jvndb-2023-000002	Digital Arts m-FILTER vulnerable to improper authentication	2023-01-06T14:57+09:00	2023-01-06T14:57+09:00
jvndb-2023-000001	Multiple code injection vulnerabilities in ruby-git	2023-01-05T15:51+09:00	2023-01-05T15:51+09:00
jvndb-2022-002838	Multiple vulnerabilities in Fuji Electric V-Server	2023-01-04T14:21+09:00	2023-01-04T14:21+09:00
jvndb-2022-002837	Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS	2023-01-04T14:16+09:00	2023-01-04T14:16+09:00
jvndb-2022-000102	Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries	2022-12-21T14:23+09:00	2022-12-21T14:23+09:00
jvndb-2022-000101	+Message App improper handling of Unicode control characters	2022-12-21T14:13+09:00	2022-12-21T14:13+09:00
jvndb-2022-002783	Use-after-free vulnerability in Omron CX-Drive	2022-12-20T15:32+09:00	2022-12-20T15:32+09:00
jvndb-2022-002780	Command injection vulnerability in SHARP Multifunctional Products (MFP)	2022-12-20T12:12+09:00	2022-12-20T12:12+09:00
jvndb-2022-000099	Corel Roxio Creator LJB starts a program with an unquoted file path	2022-12-19T13:47+09:00	2022-12-19T13:47+09:00
jvndb-2022-000098	Zenphoto vulnerable to cross-site scripting	2022-12-19T13:39+09:00	2022-12-19T13:39+09:00
jvndb-2022-002771	Information Exposure Vulnerability in JP1/Automatic Operation	2022-12-07T17:30+09:00	2022-12-07T17:30+09:00
jvndb-2022-000091	WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables	2022-11-18T15:14+09:00	2022-11-18T15:14+09:00
jvndb-2022-000089	RICOH Aficio SP 4210N vulnerable to cross-site scripting	2022-11-17T11:15+09:00	2022-11-17T11:15+09:00
jvndb-2022-002691	Multiple vulnerabilities in OMRON products	2022-11-10T09:46+09:00	2022-11-10T09:46+09:00
jvndb-2022-002444	Multiple vulnerabilities in Buffalo network devices	2022-10-05T17:44+09:00	2022-10-13T16:28+09:00
jvndb-2022-002443	Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter	2022-10-05T17:28+09:00	2022-10-05T17:28+09:00
jvndb-2022-002364	DoS Vulnerability in uCosminexus TP1/Client/J and Cosminexus Service Coordinator	2022-09-14T11:34+09:00	2022-09-14T11:34+09:00
jvndb-2022-002346	Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series	2022-09-02T18:08+09:00	2022-09-02T18:08+09:00