Recent vulnerabilities
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| ghsa-f636-fg7w-pc6g (github) | Rejected reason: Not used | 2025-04-30T03:30:31Z | 2025-04-30T03:30:31Z |
| ghsa-7f65-gf7m-344g (github) | Rejected reason: Not used | 2025-04-30T03:30:31Z | 2025-04-30T03:30:31Z |
| ghsa-425j-ff8c-j42j (github) | Rejected reason: Not used | 2025-04-30T03:30:31Z | 2025-04-30T03:30:31Z |
| ghsa-3hp3-228q-23gq (github) | Rejected reason: Not used | 2025-04-30T03:30:31Z | 2025-04-30T03:30:31Z |
| ghsa-2jpm-8cqp-7q87 (github) | Rejected reason: Not used | 2025-04-30T03:30:31Z | 2025-04-30T03:30:31Z |
| ghsa-2935-2wfm-hhpv (github) | Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache | 2025-03-25T09:32:07Z | 2025-04-30T03:30:31Z |
| ghsa-xjh3-mp8f-qvj4 (github) | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 2025-04-30T00:32:27Z | 2025-04-30T00:32:27Z |
| ghsa-f554-8623-c3v2 (github) | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 2025-04-30T00:32:27Z | 2025-04-30T00:32:27Z |
| ghsa-qffm-wchf-95hp (github) | A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as cri... | 2025-04-29T21:31:56Z | 2025-04-29T21:31:56Z |
| ghsa-p8jc-2h55-7w89 (github) | A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 240... | 2025-04-29T21:31:55Z | 2025-04-29T21:31:55Z |
| ghsa-9xq3-wmwq-jv6r (github) | A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Aff... | 2025-04-29T21:31:54Z | 2025-04-29T21:31:54Z |
| ghsa-73hp-3m9v-h54h (github) | Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user wi... | 2025-04-24T03:31:32Z | 2025-04-29T21:31:52Z |
| ghsa-5974-c6r6-2pv9 (github) | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb()... | 2025-04-17T18:31:22Z | 2025-04-29T21:31:50Z |
| ghsa-r764-27jf-q424 (github) | In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer e... | 2025-04-16T15:34:41Z | 2025-04-29T21:31:48Z |
| ghsa-gxg5-6xg7-gc7q (github) | In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take regi... | 2025-04-16T15:34:46Z | 2025-04-29T21:31:48Z |
| ghsa-843p-6jf4-c3r6 (github) | In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Add miss... | 2025-04-16T15:34:46Z | 2025-04-29T21:31:48Z |
| ghsa-7mx5-64fm-676w (github) | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix g... | 2025-04-16T15:34:41Z | 2025-04-29T21:31:48Z |
| ghsa-5659-626r-mfvx (github) | In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL c... | 2025-04-16T15:34:46Z | 2025-04-29T21:31:48Z |
| ghsa-gvg4-xh6r-ggrp (github) | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dere... | 2025-04-16T15:34:40Z | 2025-04-29T21:31:47Z |
| ghsa-gjvw-2pj9-fgr6 (github) | In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops afte... | 2025-04-16T15:34:40Z | 2025-04-29T21:31:47Z |
| ghsa-c8pq-47pf-5pgc (github) | In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix Oops afte... | 2025-04-16T15:34:40Z | 2025-04-29T21:31:47Z |
| ghsa-8xw7-j864-h87q (github) | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_sub... | 2025-04-16T15:34:40Z | 2025-04-29T21:31:47Z |
| ghsa-6pg5-wf6r-xvh8 (github) | In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in co... | 2025-04-16T15:34:41Z | 2025-04-29T21:31:47Z |
| ghsa-4hwj-3ppp-cx8v (github) | In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corr... | 2025-04-16T15:34:40Z | 2025-04-29T21:31:47Z |
| ghsa-5v57-87fw-9gxc (github) | In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do... | 2025-04-16T15:34:39Z | 2025-04-29T21:31:46Z |
| ghsa-2788-7prj-r2qv (github) | In the Linux kernel, the following vulnerability has been resolved: PCI/bwctrl: Fix NULL pointer... | 2025-04-16T15:34:39Z | 2025-04-29T21:31:46Z |
| ghsa-24cr-7gmf-xxwh (github) | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix kern... | 2025-04-16T15:34:39Z | 2025-04-29T21:31:46Z |
| ghsa-c655-qwvw-wfqm (github) | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim ... | 2024-05-21T15:31:40Z | 2025-04-29T21:31:35Z |
| ghsa-3w59-vx6f-4274 (github) | In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup s... | 2024-05-21T15:31:40Z | 2025-04-29T21:31:35Z |
| ghsa-mv9f-845w-2cgm (github) | In the Linux kernel, the following vulnerability has been resolved: phy: phy-mtk-tphy: Fix some ... | 2024-05-21T15:31:40Z | 2025-04-29T21:31:34Z |
| ID | CVSS Base Score | Description | Vendor | Product | Publish Date | Update Date |
|---|---|---|---|---|---|---|
| cve-2022-33982 (NVD) | N/A | DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367 |
n/a |
n/a |
2022-11-14T00:00:00.000Z | 2025-04-30T20:18:26.671Z |
| cve-2025-2082 (NVD) | CVSS-v3.0: 7.5 | Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability |
Tesla |
Model 3 |
2025-04-30T20:00:44.550Z | 2025-04-30T20:17:55.675Z |
| cve-2023-40131 (NVD) | N/A | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
Google |
Android |
2023-10-27T20:22:58.077Z | 2025-04-30T20:17:44.180Z |
| cve-2024-6032 (NVD) | CVSS-v3.0: 7.8 | Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability |
Tesla |
Model S |
2025-04-30T20:00:40.719Z | 2025-04-30T20:17:09.792Z |
| cve-2024-6030 (NVD) | CVSS-v3.0: 7 | Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability |
Tesla |
Model S |
2025-04-30T20:00:36.899Z | 2025-04-30T20:16:23.726Z |
| cve-2024-13943 (NVD) | CVSS-v3.0: 7.8 | Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability |
Tesla |
Model S |
2025-04-30T20:00:33.419Z | 2025-04-30T20:15:11.039Z |
| cve-2022-33983 (NVD) | N/A | DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053 |
n/a |
n/a |
2022-11-14T00:00:00.000Z | 2025-04-30T20:14:00.981Z |
| cve-2024-6029 (NVD) | CVSS-v3.0: 5 | Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability |
Tesla |
Model S |
2025-04-30T20:00:25.966Z | 2025-04-30T20:13:33.588Z |
| cve-2024-6031 (NVD) | CVSS-v3.0: 7.8 | Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability |
Tesla |
Model S |
2025-04-30T20:00:29.921Z | 2025-04-30T20:12:28.649Z |
| cve-2022-41670 (NVD) | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). |
Schneider Electric Schneider Electric |
EcoStruxure Operator Terminal Expert Pro-face BLUE |
2022-11-04T00:00:00.000Z | 2025-04-30T20:10:42.160Z | |
| cve-2024-47784 (NVD) | CVSS-v4.0: 2.1 CVSS-v3.1: 2.6 | Unverified Password Change |
ABB ABB ABB |
ANC ANC-L ANC-mini |
2025-04-30T18:17:02.648Z | 2025-04-30T20:04:47.051Z |
| cve-2025-2170 (NVD) | N/A | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. |
SonicWall |
SMA1000 |
2025-04-30T18:46:34.939Z | 2025-04-30T20:03:18.901Z |
| cve-2024-50602 (NVD) | N/A | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. |
n/a |
n/a |
2024-10-27T00:00:00.000Z | 2025-04-30T20:03:17.594Z |
| cve-2022-33984 (NVD) | N/A | DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054 |
n/a |
n/a |
2022-11-14T00:00:00.000Z | 2025-04-30T20:02:19.323Z |
| cve-2022-43569 (NVD) | CVSS-v3.1: 8 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise |
Splunk |
Splunk Enterprise |
2022-11-04T22:22:31.895Z | 2025-04-30T20:02:18.090Z |
| cve-2022-33985 (NVD) | N/A | DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055 |
n/a |
n/a |
2022-11-14T00:00:00.000Z | 2025-04-30T20:00:25.064Z |
| cve-2023-4813 (NVD) | CVSS-v3.1: 5.9 | Glibc: potential use-after-free in gaih_inet() |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 |
2023-09-12T21:54:33.387Z | 2025-04-30T19:58:08.516Z |
| cve-2023-4806 (NVD) | CVSS-v3.1: 5.9 | Glibc: potential use-after-free in getaddrinfo() |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 |
2023-09-18T16:33:57.211Z | 2025-04-30T19:57:53.420Z |
| cve-2022-33986 (NVD) | N/A | DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056 |
n/a |
n/a |
2022-11-14T00:00:00.000Z | 2025-04-30T19:56:45.263Z |
| cve-2022-31255 (NVD) | SUMA/UYUNI directory path traversal vulnerability in CobblerSnipperViewAction |
SUSE SUSE SUSE |
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.2 |
2022-11-10T07:30:16.818Z | 2025-04-30T19:55:40.615Z | |
| cve-2022-43753 (NVD) | SUMA/UYUNI arbitrary file disclosure vulnerability in ScapResultDownload |
SUSE SUSE SUSE |
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.2 |
2022-11-10T07:30:17.870Z | 2025-04-30T19:55:05.952Z | |
| cve-2022-43754 (NVD) | SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do |
SUSE SUSE SUSE |
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.2 |
2022-11-10T07:30:18.906Z | 2025-04-30T19:54:37.083Z | |
| cve-2022-34325 (NVD) | N/A | DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by |
n/a |
n/a |
2022-11-14T00:00:00.000Z | 2025-04-30T19:54:12.670Z |
| cve-2022-3945 (NVD) | Improper Restriction of Excessive Authentication Attempts in kareadita/kavita |
kareadita |
kareadita/kavita |
2022-11-11T00:00:00.000Z | 2025-04-30T19:53:39.410Z | |
| cve-2022-34312 (NVD) | CVSS-v3.1: 4 | IBM CICS TX information disclosure |
IBM |
CICS TX |
2022-11-14T17:49:55.297Z | 2025-04-30T19:52:00.296Z |
| cve-2022-38705 (NVD) | CVSS-v3.1: 5.3 | IBM CICS TX phishing |
IBM |
CICS TX |
2022-11-14T17:56:59.006Z | 2025-04-30T19:50:53.598Z |
| cve-2023-4911 (NVD) | CVSS-v3.1: 7.8 | Glibc: buffer overflow in ld.so leading to privilege escalation |
Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat Red Hat |
Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 |
2023-10-03T17:25:08.434Z | 2025-04-30T19:48:05.645Z |
| cve-2022-41719 (NVD) | N/A | Panic in github.com/shamaton/msgpack/v2 |
github.com/shamaton/msgpack/v2 |
github.com/shamaton/msgpack/v2 |
2022-11-10T19:57:01.274Z | 2025-04-30T19:46:41.386Z |
| cve-2022-27949 (NVD) | Apache Airflow prior to 2.3.1 may include sensitive values in rendered template |
Apache Software Foundation |
Apache Airflow |
2022-11-14T00:00:00.000Z | 2025-04-30T19:44:13.705Z | |
| cve-2022-35613 (NVD) | N/A | Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). |
n/a |
n/a |
2022-11-14T00:00:00.000Z | 2025-04-30T19:42:53.294Z |
| ID | CVSS Base Score | Description | Vendor | Product | Publish Date | Update Date |
|---|---|---|---|---|---|---|
| cve-2025-3830 (NVD) | kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload |
kuangstudy |
KuangSimpleBBS |
2025-04-20T16:31:04.628Z | 2025-04-21T01:57:55.504Z | |
| cve-2024-26566 (NVD) | N/A | An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. |
n/a |
n/a |
2024-03-07T00:00:00 | 2024-08-06T14:00:36.590Z |
| cve-2024-24375 (NVD) | N/A | SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. |
n/a |
n/a |
2024-03-07T00:00:00 | 2024-08-29T16:53:35.621Z |
| cve-2024-25164 (NVD) | N/A | iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. |
n/a |
n/a |
2024-03-04T00:00:00 | 2024-08-16T15:54:59.977Z |
| cve-2024-27516 (NVD) | N/A | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php. |
n/a |
n/a |
2024-02-28T00:00:00 | 2024-08-02T00:34:52.303Z |
| cve-2024-26473 (NVD) | N/A | A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php. |
n/a |
n/a |
2024-02-27T00:00:00 | 2024-11-06T15:36:36.785Z |
| cve-2024-26472 (NVD) | N/A | KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'. |
n/a |
n/a |
2024-02-27T00:00:00 | 2024-10-31T15:20:51.953Z |
| cve-2024-26471 (NVD) | N/A | A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php. |
n/a |
n/a |
2024-02-27T00:00:00 | 2024-08-27T20:03:00.338Z |
| cve-2024-26470 (NVD) | N/A | A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. |
n/a |
n/a |
2024-02-27T00:00:00 | 2024-08-28T15:41:54.657Z |
| cve-2024-25846 (NVD) | N/A | In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. |
n/a |
n/a |
2024-02-27T00:00:00 | 2024-08-08T20:10:19.815Z |
| cve-2024-42768 (NVD) | N/A | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T18:11:08.849Z |
| cve-2024-42769 (NVD) | N/A | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T18:32:58.668Z |
| cve-2024-42770 (NVD) | N/A | A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T15:58:44.840Z |
| cve-2024-42771 (NVD) | N/A | A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T19:43:17.562Z |
| cve-2024-42772 (NVD) | N/A | An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T18:36:27.910Z |
| cve-2024-42773 (NVD) | N/A | An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-11-06T14:34:37.039Z |
| cve-2024-42774 (NVD) | N/A | An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T20:00:48.473Z |
| cve-2024-42775 (NVD) | N/A | An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T19:49:31.835Z |
| cve-2024-42776 (NVD) | N/A | Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T19:31:48.598Z |
| cve-2024-42767 (NVD) | N/A | Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. |
n/a |
n/a |
2024-08-22T00:00:00 | 2024-08-22T18:45:03.863Z |
| cve-2025-43954 (NVD) | QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set. |
Quasar |
QMarkdown |
2025-04-20T00:00:00.000Z | 2025-04-21T13:43:34.198Z | |
| cve-2024-25388 (NVD) | N/A | drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow. |
n/a |
n/a |
2024-03-27T00:00:00 | 2024-08-01T23:44:09.359Z |
| cve-2024-24335 (NVD) | N/A | A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. |
n/a |
n/a |
2024-03-27T00:00:00 | 2024-08-01T23:19:52.335Z |
| cve-2024-24334 (NVD) | N/A | A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. |
n/a |
n/a |
2024-03-27T00:00:00 | 2024-08-01T23:19:52.143Z |
| cve-2024-23722 (NVD) | N/A | In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly. |
n/a |
n/a |
2024-03-26T00:00:00 | 2024-08-06T13:47:16.123Z |
| cve-2024-29644 (NVD) | N/A | Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. |
n/a |
n/a |
2024-03-26T00:00:00.000Z | 2025-03-24T15:50:03.694Z |
| cve-2024-32418 (NVD) | N/A | An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. |
n/a |
n/a |
2024-04-22T00:00:00 | 2024-08-02T02:06:44.205Z |
| cve-2024-32391 (NVD) | N/A | Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. |
n/a |
n/a |
2024-04-19T00:00:00 | 2024-08-02T02:06:44.076Z |
| cve-2024-29434 (NVD) | N/A | An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. |
n/a |
n/a |
2024-04-02T00:00:00.000Z | 2025-03-28T23:38:55.948Z |
| cve-2024-29432 (NVD) | N/A | Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas. |
n/a |
n/a |
2024-04-02T00:00:00 | 2024-09-04T16:04:34.416Z |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| pysec-2023-304 | vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learni... | 2023-11-14T21:15:00+00:00 | 2024-11-21T14:23:02.641254+00:00 |
| pysec-2023-303 | vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learni... | 2023-11-14T21:15:00+00:00 | 2024-11-21T14:23:02.574095+00:00 |
| pysec-2022-43171 | An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x th... | 2022-03-10T17:47:00+00:00 | 2024-11-21T14:23:02.453983+00:00 |
| pysec-2022-43170 | An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x throu... | 2022-03-10T17:47:00+00:00 | 2024-11-21T14:23:02.248212+00:00 |
| pysec-2016-41 | file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, ... | 2016-09-07T19:28:00+00:00 | 2024-11-21T14:23:02.083165+00:00 |
| pysec-2016-40 | Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x b... | 2016-09-07T19:28:00+00:00 | 2024-11-21T14:23:02.008255+00:00 |
| pysec-2023-301 | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 2023-12-20T17:15:00+00:00 | 2024-11-21T14:23:01.933055+00:00 |
| pysec-2023-300 | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 2023-12-19T13:15:00+00:00 | 2024-11-21T14:23:01.871022+00:00 |
| pysec-2023-299 | Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | 2023-05-18T17:15:00+00:00 | 2024-11-21T14:23:01.805729+00:00 |
| pysec-2022-43167 | Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as app... | 2022-04-19T03:15:00+00:00 | 2024-11-21T14:23:01.289420+00:00 |
| pysec-2022-43169 | The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. T... | 2022-06-24T21:15:00Z | 2024-11-21T14:23:01.740031Z |
| pysec-2022-43165 | The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor ... | 2022-06-24T21:15:00Z | 2024-11-21T14:23:01.181819Z |
| pysec-2016-39 | An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function... | 2016-12-23T22:59:00Z | 2024-11-21T14:23:01.531112Z |
| pysec-2022-43161 | Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. | 2022-10-13T20:15:00+00:00 | 2024-11-21T14:23:00.575892+00:00 |
| pysec-2022-43160 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior ... | 2022-10-13T20:15:00+00:00 | 2024-11-21T14:23:00.515460+00:00 |
| pysec-2022-43159 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior ... | 2022-10-14T12:15:00+00:00 | 2024-11-21T14:23:00.456366+00:00 |
| pysec-2022-43158 | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | 2022-10-10T12:15:00+00:00 | 2024-11-21T14:23:00.394851+00:00 |
| pysec-2022-43157 | Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. | 2022-10-06T18:16:00+00:00 | 2024-11-21T14:23:00.333240+00:00 |
| pysec-2022-43156 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior ... | 2022-10-06T18:16:00+00:00 | 2024-11-21T14:23:00.273706+00:00 |
| pysec-2023-297 | A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbit... | 2023-12-13T10:15:00Z | 2024-11-21T14:23:00.892241Z |
| pysec-2023-296 | An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with th... | 2023-12-13T10:15:00Z | 2024-11-21T14:23:00.841929Z |
| pysec-2023-295 | An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store ... | 2023-12-13T10:15:00Z | 2024-11-21T14:23:00.792103Z |
| pysec-2023-294 | An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interacti... | 2023-12-13T10:15:00Z | 2024-11-21T14:23:00.74018Z |
| pysec-2023-293 | An authentication bypass vulnerability has been found in Repox, which allows a remote user to sen... | 2023-12-13T09:15:00Z | 2024-11-21T14:23:00.689595Z |
| pysec-2022-43164 | The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor... | 2022-06-24T21:15:00Z | 2024-11-21T14:23:00.996865Z |
| pysec-2022-43155 | wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fa... | 2022-12-13T23:15:00Z | 2024-11-21T14:23:00.213494Z |
| pysec-2022-43153 | Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from ... | 2022-04-16T16:15:00Z | 2024-11-21T14:23:00.113164Z |
| pysec-2023-292 | PyInstaller bundles a Python application and all its dependencies into a single package. A PyInst... | 2023-12-09T01:15:00+00:00 | 2024-11-21T14:22:59.796437+00:00 |
| pysec-2023-291 | PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Driv... | 2023-12-05T21:15:00+00:00 | 2024-11-21T14:22:59.681617+00:00 |
| pysec-2023-290 | An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::E... | 2023-01-20T19:15:00Z | 2024-11-21T14:22:59.461917Z |
| ID | Description |
|---|---|
| gsd-2024-33677 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-31152 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4290 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4289 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4288 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4287 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4286 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4285 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4284 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4283 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4282 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4281 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4280 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4279 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4278 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4277 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4276 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4275 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4274 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4273 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4272 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4271 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4270 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4269 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4268 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4267 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4266 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4265 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4264 | The format of the source doesn't require a description, click on the link for more details |
| gsd-2024-4263 | The format of the source doesn't require a description, click on the link for more details |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| mal-2024-8646 | Malicious code in @diotoborg/suscipit-officia (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:22Z |
| mal-2024-8635 | Malicious code in @diotoborg/sit-voluptas (npm) | 2024-09-02T01:42:15Z | 2024-09-02T01:42:22Z |
| mal-2024-8526 | Malicious code in @diotoborg/praesentium-architecto (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8511 | Malicious code in @diotoborg/optio-tempora-impedit (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:22Z |
| mal-2024-8504 | Malicious code in @diotoborg/officiis-optio (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8466 | Malicious code in @diotoborg/nisi-molestiae (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:22Z |
| mal-2024-8455 | Malicious code in @diotoborg/nemo-reprehenderit (npm) | 2024-09-02T01:42:15Z | 2024-09-02T01:42:22Z |
| mal-2024-8411 | Malicious code in @diotoborg/magni-velit-iure (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:22Z |
| mal-2024-8377 | Malicious code in @diotoborg/ipsam-dolores-labore (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8347 | Malicious code in @diotoborg/fugit-at-porro (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8338 | Malicious code in @diotoborg/facilis-totam-atque (npm) | 2024-09-02T01:42:12Z | 2024-09-02T01:42:22Z |
| mal-2024-8322 | Malicious code in @diotoborg/excepturi-fuga-sequi (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:22Z |
| mal-2024-8309 | Malicious code in @diotoborg/eum-porro (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8281 | Malicious code in @diotoborg/eius-pariatur (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8269 | Malicious code in @diotoborg/ea-praesentium (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:22Z |
| mal-2024-8239 | Malicious code in @diotoborg/dolore-magnam-ipsam (npm) | 2024-09-02T01:42:15Z | 2024-09-02T01:42:22Z |
| mal-2024-8221 | Malicious code in @diotoborg/deserunt-cupiditate (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8215 | Malicious code in @diotoborg/delectus-recusandae-aut (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8179 | Malicious code in @diotoborg/consectetur-modi-reprehenderit (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8146 | Malicious code in @diotoborg/aspernatur-in (npm) | 2024-09-02T01:42:12Z | 2024-09-02T01:42:22Z |
| mal-2024-8134 | Malicious code in @diotoborg/aperiam-iste (npm) | 2024-09-02T01:42:14Z | 2024-09-02T01:42:22Z |
| mal-2024-8112 | Malicious code in @diotoborg/adipisci-dolorum (npm) | 2024-09-02T01:42:15Z | 2024-09-02T01:42:22Z |
| mal-2024-8626 | Malicious code in @diotoborg/sed-tempora-natus (npm) | 2024-09-02T01:42:12Z | 2024-09-02T01:42:21Z |
| mal-2024-8586 | Malicious code in @diotoborg/quos-vero-asperiores (npm) | 2024-09-02T01:42:12Z | 2024-09-02T01:42:21Z |
| mal-2024-8529 | Malicious code in @diotoborg/provident-eligendi-porro (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:21Z |
| mal-2024-8472 | Malicious code in @diotoborg/nobis-mollitia (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:21Z |
| mal-2024-8465 | Malicious code in @diotoborg/nisi-eaque-eaque (npm) | 2024-09-02T01:42:12Z | 2024-09-02T01:42:21Z |
| mal-2024-8409 | Malicious code in @diotoborg/magni-illo (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:21Z |
| mal-2024-8374 | Malicious code in @diotoborg/ipsa-ratione (npm) | 2024-09-02T01:42:12Z | 2024-09-02T01:42:21Z |
| mal-2024-8316 | Malicious code in @diotoborg/eveniet-officia (npm) | 2024-09-02T01:42:13Z | 2024-09-02T01:42:21Z |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| wid-sec-w-2024-2138 | Rockwell Automation ControlLogix: Schwachstelle ermöglicht Denial of Service | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2137 | Kemp LoadMaster: Schwachstelle ermöglicht Codeausführung | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2136 | Mehrere NetApp Produkte: Schwachstelle ermöglicht Denial of Service, Offenlegung von Informationen und Manipulation von Daten | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2135 | VMware Tanzu Spring Framework: Schwachstelle ermöglicht Offenlegung von Informationen | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2134 | docker: Mehrere Schwachstellen ermöglichen Codeausführung | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2133 | Linux Kernel: Mehrere Schwachstellen | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2132 | Rockwell Automation FactoryTalk: Mehrere Schwachstellen | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2131 | Red Hat Enterprise Linux (Migration Toolkit): Schwachstelle ermöglicht Cross-Site Scripting | 2024-09-12T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2097 | Adobe Acrobat Reader: Mehrere Schwachstellen ermöglichen Codeausführung | 2024-09-10T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2067 | Golang Go: Mehrere Schwachstellen ermöglichen Denial of Service | 2024-09-05T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2043 | Apache OFBiz: Mehrere Schwachstellen | 2024-09-03T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2036 | Red Hat OpenShift: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen | 2024-09-03T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-1927 | Linux Kernel: Mehrere Schwachstellen | 2024-08-26T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-1706 | Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service | 2024-07-24T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-1068 | Red Hat Enterprise Linux (Quarkus and Netty): Mehrere Schwachstellen | 2024-05-07T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-0819 | QEMU: Schwachstelle ermöglicht Denial of Service | 2024-04-08T22:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-0488 | Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff | 2024-02-26T23:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-0005 | QEMU: Schwachstelle ermöglicht Offenlegung von Informationen | 2024-01-02T23:00:00.000+00:00 | 2024-09-12T22:00:00.000+00:00 |
| wid-sec-w-2024-2129 | Microsoft Edge: Mehrere Schwachstellen | 2024-09-11T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-2128 | Cisco NSO und Router: Schwachstelle ermöglicht Privilegieneskalation | 2024-09-11T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-2127 | PaloAlto Networks PAN-OS und GlobaProtect: Mehrere Schwachstellen | 2024-09-11T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-2126 | Drupal: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen und Denial of Service | 2024-09-11T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-2125 | Cisco IOS XR: Mehrere Schwachstellen | 2024-09-11T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-2124 | Linux Kernel: Mehrere Schwachstellen | 2024-09-11T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-2075 | OpenSC: Schwachstelle ermöglicht Codeausführung | 2024-09-08T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-1923 | Linux Kernel (Bluetooth): Schwachstelle ermöglicht Denial of Service | 2024-08-25T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-1838 | IBM DB2: Mehrere Schwachstellen ermöglichen Denial of Service | 2024-08-13T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-1772 | Red Hat OpenShift: Schwachstelle ermöglicht Offenlegung von Informationen | 2024-08-06T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-1761 | libTIFF: Schwachstelle ermöglicht Denial of Service | 2024-08-05T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| wid-sec-w-2024-1486 | OpenSSH: Schwachstelle ermöglicht Codeausführung | 2024-06-30T22:00:00.000+00:00 | 2024-09-11T22:00:00.000+00:00 |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| rhsa-2024_6912 | Red Hat Security Advisory: go-toolset:rhel8 security update | 2024-09-23T01:54:18+00:00 | 2025-03-28T11:02:37+00:00 |
| rhsa-2024_6913 | Red Hat Security Advisory: golang security update | 2024-09-23T01:53:11+00:00 | 2025-03-28T11:02:26+00:00 |
| rhsa-2024_6914 | Red Hat Security Advisory: golang security update | 2024-09-23T01:52:46+00:00 | 2025-03-28T11:02:13+00:00 |
| rhsa-2025_0664 | Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.35.0 security update & enhancements | 2025-01-23T13:02:37+00:00 | 2025-03-28T11:01:29+00:00 |
| rhsa-2024_9571 | Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update | 2024-11-13T16:21:03+00:00 | 2025-03-28T11:01:17+00:00 |
| rhsa-2024_8886 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update | 2024-11-05T12:07:46+00:00 | 2025-03-28T11:01:06+00:00 |
| rhsa-2024_11256 | Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1 | 2024-12-17T11:08:00+00:00 | 2025-03-28T11:01:02+00:00 |
| rhsa-2024_8887 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 Openshift Jenkins security update | 2024-11-05T12:08:31+00:00 | 2025-03-28T11:00:54+00:00 |
| rhsa-2024_11255 | Red Hat Security Advisory: Red Hat Trusted Profile Analyzer 1.2.1 | 2024-12-17T10:22:51+00:00 | 2025-03-28T11:00:50+00:00 |
| rhsa-2024_8885 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update | 2024-11-05T11:47:26+00:00 | 2025-03-28T11:00:42+00:00 |
| rhsa-2024_7670 | Red Hat Security Advisory: Red Hat build of Quarkus 3.8.6.SP1 Security Update | 2024-10-10T11:49:18+00:00 | 2025-03-28T11:00:39+00:00 |
| rhsa-2024_8884 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 Openshift Jenkins security update | 2024-11-05T11:25:56+00:00 | 2025-03-28T11:00:30+00:00 |
| rhsa-2024_10208 | Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update | 2024-11-25T00:12:13+00:00 | 2025-03-28T11:00:26+00:00 |
| rhsa-2024_8339 | Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update. | 2024-10-22T18:29:33+00:00 | 2025-03-28T11:00:19+00:00 |
| rhsa-2024_10207 | Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update | 2024-11-25T00:12:17+00:00 | 2025-03-28T11:00:14+00:00 |
| rhsa-2024_7972 | Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1) | 2024-10-10T14:00:25+00:00 | 2025-03-28T11:00:04+00:00 |
| rhsa-2024_8093 | Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update | 2024-10-14T19:55:01+00:00 | 2025-03-28T10:59:56+00:00 |
| rhsa-2024_7676 | Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update | 2024-10-10T13:43:59+00:00 | 2025-03-28T10:59:52+00:00 |
| rhsa-2024_8064 | Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update. | 2024-10-14T15:53:39+00:00 | 2025-03-28T10:59:45+00:00 |
| rhsa-2024_7861 | Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ] | 2024-10-09T12:35:14+00:00 | 2025-03-28T10:59:40+00:00 |
| rhsa-2024_7812 | Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update | 2024-10-08T16:04:06+00:00 | 2025-03-28T10:59:29+00:00 |
| rhsa-2024_7811 | Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update | 2024-10-08T16:08:21+00:00 | 2025-03-28T10:59:17+00:00 |
| rhsa-2025_3207 | Red Hat Security Advisory: kernel security update | 2025-03-26T01:23:41+00:00 | 2025-03-27T23:20:47+00:00 |
| rhsa-2025_3211 | Red Hat Security Advisory: kernel-rt security update | 2025-03-26T01:36:31+00:00 | 2025-03-27T23:20:40+00:00 |
| rhsa-2025_3212 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:07:56+00:00 | 2025-03-27T23:20:33+00:00 |
| rhsa-2025_3215 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:23:26+00:00 | 2025-03-27T23:20:19+00:00 |
| rhsa-2025_3208 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:18:01+00:00 | 2025-03-27T23:20:11+00:00 |
| rhsa-2025_3213 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:04:46+00:00 | 2025-03-27T23:20:04+00:00 |
| rhsa-2025_3264 | Red Hat Security Advisory: kernel-rt security update | 2025-03-26T14:04:53+00:00 | 2025-03-27T23:19:58+00:00 |
| rhsa-2025_3214 | Red Hat Security Advisory: kernel-rt security update | 2025-03-26T01:15:46+00:00 | 2025-03-27T23:19:47+00:00 |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| cisco-sa-expressway-priv-esc-ls2b9t7b | Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities | 2023-06-07T16:00:00+00:00 | 2023-06-07T16:00:00+00:00 |
| cisco-sa-cucm-imp-dos-49gl7rzt | Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability | 2023-06-07T16:00:00+00:00 | 2023-06-07T16:00:00+00:00 |
| cisco-sa-cucm-dos-4ag3ywbd | Cisco Unified Communications Manager Denial of Service Vulnerability | 2023-06-07T16:00:00+00:00 | 2023-06-07T16:00:00+00:00 |
| cisco-sa-csw-auth-openapi-ktndjdnx | Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability | 2023-06-07T16:00:00+00:00 | 2023-06-07T16:00:00+00:00 |
| cisco-sa-iox-8whgn5dl | Cisco IOx Application Hosting Environment Command Injection Vulnerability | 2023-02-01T16:00:00+00:00 | 2023-06-01T15:34:21+00:00 |
| cisco-sa-cuis-xss-omm8jybx | Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability | 2023-01-11T16:00:00+00:00 | 2023-05-30T14:22:18+00:00 |
| cisco-sa-ftd-file-write-shvcmqvc | Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability | 2021-10-27T16:00:00+00:00 | 2023-05-26T11:54:17+00:00 |
| cisco-sa-iosxe-info-disc-nrorxjo | Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability | 2022-09-28T16:00:00+00:00 | 2023-05-17T18:23:37+00:00 |
| cisco-sa-ssm-sql-x9mmjsyh | Cisco Smart Software Manager On-Prem SQL Injection Vulnerability | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-sg-web-multi-s9g4nkgv | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-ise-xxe-inj-696oztcm | Cisco Identity Services Engine XML External Entity Injection Vulnerabilities | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-ise-traversal-ztugmyhu | Cisco Identity Services Engine Path Traversal Vulnerabilities | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-ise-injection-srqnseu9 | Cisco Identity Services Engine Command Injection Vulnerabilities | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-ise-file-dwnld-srcdnkd2 | Cisco Identity Services Engine Arbitrary File Download Vulnerabilities | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-ise-file-delete-read-pk5ghddd | Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-dnac-multiple-ktqkgu3 | Cisco DNA Center Software API Vulnerabilities | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-cbw-auth-bypass-ggnafdz | Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability | 2023-05-17T16:00:00+00:00 | 2023-05-17T16:00:00+00:00 |
| cisco-sa-pi-epnm-erpwaxle | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities | 2023-04-05T16:00:00+00:00 | 2023-05-15T13:11:25+00:00 |
| cisco-sa-c9300-spi-ace-yejygnnq | Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability | 2023-03-22T16:00:00+00:00 | 2023-05-11T15:34:52+00:00 |
| cisco-sa-iox-priv-escalate-xg8zkypk | Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability | 2023-03-22T16:00:00+00:00 | 2023-05-08T15:01:45+00:00 |
| cisco-sa-spa-unauth-upgrade-uqhytww | Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability | 2023-05-03T16:00:00+00:00 | 2023-05-03T16:00:00+00:00 |
| cisco-sa-ipp-oobwrite-8cmf5r7u | Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability | 2022-12-08T16:00:00+00:00 | 2023-04-27T21:07:18+00:00 |
| cisco-sa-pcd-xss-jdxpjm7 | Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability | 2023-04-26T16:00:00+00:00 | 2023-04-26T16:00:00+00:00 |
| cisco-sa-20170629-snmp | SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software | 2017-06-29T16:00:00+00:00 | 2023-04-21T17:45:45+00:00 |
| cisco-sa-cisco-pdng-dos-kmzwey2q | Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability | 2023-04-05T16:00:00+00:00 | 2023-04-19T20:31:01+00:00 |
| cisco-sa-staros-ssh-privesc-bmwejc3h | Cisco StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability | 2023-04-19T16:00:00+00:00 | 2023-04-19T16:00:00+00:00 |
| cisco-sa-sdwan-vmanage-wfnqmyhn | Cisco SD-WAN vManage Software Arbitrary File Deletion Vulnerability | 2023-04-19T16:00:00+00:00 | 2023-04-19T16:00:00+00:00 |
| cisco-sa-roomos-file-write-rhkwegkf | Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities | 2023-04-19T16:00:00+00:00 | 2023-04-19T16:00:00+00:00 |
| cisco-sa-ind-caelfk6v | Cisco Industrial Network Director Vulnerabilities | 2023-04-19T16:00:00+00:00 | 2023-04-19T16:00:00+00:00 |
| cisco-sa-cml-auth-bypass-4fucceg5 | Cisco Modeling Labs External Authentication Bypass Vulnerability | 2023-04-19T16:00:00+00:00 | 2023-04-19T16:00:00+00:00 |
| ID | Description |
|---|---|
| var-201912-0484 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. apple's iCloud Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.2; tvOS prior to 12.2; Safari prior to 12.1; Windows-based iTunes prior to 12.9.4; Windows-based iCloud prior to 7.11; watchOS prior to 5.2. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3902). CVE-2019-8546: ChiYuan Chang Passcode Available for: Apple Watch Series 1 and later Impact: A partially entered passcode may not clear when the device goes to sleep Description: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. CVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Alternatively, on your watch, select "My Watch > General > About". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201909-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: September 06, 2019 Bugs: #683234, #686216, #693122 ID: 201909-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.24.4 >= 2.24.4 Description =========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4" References ========== [ 1 ] CVE-2019-11070 https://nvd.nist.gov/vuln/detail/CVE-2019-11070 [ 2 ] CVE-2019-6201 https://nvd.nist.gov/vuln/detail/CVE-2019-6201 [ 3 ] CVE-2019-6251 https://nvd.nist.gov/vuln/detail/CVE-2019-6251 [ 4 ] CVE-2019-7285 https://nvd.nist.gov/vuln/detail/CVE-2019-7285 [ 5 ] CVE-2019-7292 https://nvd.nist.gov/vuln/detail/CVE-2019-7292 [ 6 ] CVE-2019-8503 https://nvd.nist.gov/vuln/detail/CVE-2019-8503 [ 7 ] CVE-2019-8506 https://nvd.nist.gov/vuln/detail/CVE-2019-8506 [ 8 ] CVE-2019-8515 https://nvd.nist.gov/vuln/detail/CVE-2019-8515 [ 9 ] CVE-2019-8518 https://nvd.nist.gov/vuln/detail/CVE-2019-8518 [ 10 ] CVE-2019-8523 https://nvd.nist.gov/vuln/detail/CVE-2019-8523 [ 11 ] CVE-2019-8524 https://nvd.nist.gov/vuln/detail/CVE-2019-8524 [ 12 ] CVE-2019-8535 https://nvd.nist.gov/vuln/detail/CVE-2019-8535 [ 13 ] CVE-2019-8536 https://nvd.nist.gov/vuln/detail/CVE-2019-8536 [ 14 ] CVE-2019-8544 https://nvd.nist.gov/vuln/detail/CVE-2019-8544 [ 15 ] CVE-2019-8551 https://nvd.nist.gov/vuln/detail/CVE-2019-8551 [ 16 ] CVE-2019-8558 https://nvd.nist.gov/vuln/detail/CVE-2019-8558 [ 17 ] CVE-2019-8559 https://nvd.nist.gov/vuln/detail/CVE-2019-8559 [ 18 ] CVE-2019-8563 https://nvd.nist.gov/vuln/detail/CVE-2019-8563 [ 19 ] CVE-2019-8595 https://nvd.nist.gov/vuln/detail/CVE-2019-8595 [ 20 ] CVE-2019-8607 https://nvd.nist.gov/vuln/detail/CVE-2019-8607 [ 21 ] CVE-2019-8615 https://nvd.nist.gov/vuln/detail/CVE-2019-8615 [ 22 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 23 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 24 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 25 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 26 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 27 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 28 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 29 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 30 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 31 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 32 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 33 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 34 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 35 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 36 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 37 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 38 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 39 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 40 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 41 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 42 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 43 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 44 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 45 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 46 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 47 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 48 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 49 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 50 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 51 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 52 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 53 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 54 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 55 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 56 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 57 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 58 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 59 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 60 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 61 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 62 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 63 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 64 ] WSA-2019-0002 https://webkitgtk.org/security/WSA-2019-0002.html [ 65 ] WSA-2019-0004 https://webkitgtk.org/security/WSA-2019-0004.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201909-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Installation note: Safari 12.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.6.1 image security update Advisory ID: RHSA-2020:4298-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:4298 Issue date: 2020-10-27 CVE Names: CVE-2013-0169 CVE-2016-10739 CVE-2018-9251 CVE-2018-14404 CVE-2018-14498 CVE-2018-16890 CVE-2018-18074 CVE-2018-18624 CVE-2018-18751 CVE-2018-19519 CVE-2018-20060 CVE-2018-20337 CVE-2018-20483 CVE-2018-20657 CVE-2018-20852 CVE-2019-1547 CVE-2019-1549 CVE-2019-1563 CVE-2019-3822 CVE-2019-3823 CVE-2019-3825 CVE-2019-3843 CVE-2019-3844 CVE-2019-5094 CVE-2019-5436 CVE-2019-5481 CVE-2019-5482 CVE-2019-5953 CVE-2019-6237 CVE-2019-6251 CVE-2019-6454 CVE-2019-6706 CVE-2019-7146 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2019-8457 CVE-2019-8506 CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8666 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8675 CVE-2019-8676 CVE-2019-8677 CVE-2019-8679 CVE-2019-8681 CVE-2019-8686 CVE-2019-8687 CVE-2019-8689 CVE-2019-8690 CVE-2019-8696 CVE-2019-8726 CVE-2019-8735 CVE-2019-8768 CVE-2019-11070 CVE-2019-11236 CVE-2019-11324 CVE-2019-11358 CVE-2019-11459 CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12450 CVE-2019-12795 CVE-2019-13232 CVE-2019-13636 CVE-2019-13752 CVE-2019-13753 CVE-2019-14822 CVE-2019-14973 CVE-2019-15718 CVE-2019-15847 CVE-2019-16056 CVE-2019-16769 CVE-2019-17451 CVE-2019-18408 CVE-2019-19126 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19959 CVE-2019-1010180 CVE-2019-1010204 CVE-2020-1712 CVE-2020-7013 CVE-2020-7598 CVE-2020-7662 CVE-2020-8203 CVE-2020-9283 CVE-2020-10531 CVE-2020-10715 CVE-2020-10743 CVE-2020-11008 CVE-2020-11022 CVE-2020-11023 CVE-2020-11110 CVE-2020-12049 CVE-2020-12052 CVE-2020-12245 CVE-2020-13822 CVE-2020-14040 CVE-2020-14336 CVE-2020-15366 CVE-2020-15719 ==================================================================== 1. Summary: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. References: https://access.redhat.com/security/cve/CVE-2013-0169 https://access.redhat.com/security/cve/CVE-2016-10739 https://access.redhat.com/security/cve/CVE-2018-9251 https://access.redhat.com/security/cve/CVE-2018-14404 https://access.redhat.com/security/cve/CVE-2018-14498 https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-18074 https://access.redhat.com/security/cve/CVE-2018-18624 https://access.redhat.com/security/cve/CVE-2018-18751 https://access.redhat.com/security/cve/CVE-2018-19519 https://access.redhat.com/security/cve/CVE-2018-20060 https://access.redhat.com/security/cve/CVE-2018-20337 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2018-20657 https://access.redhat.com/security/cve/CVE-2018-20852 https://access.redhat.com/security/cve/CVE-2019-1547 https://access.redhat.com/security/cve/CVE-2019-1549 https://access.redhat.com/security/cve/CVE-2019-1563 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/cve/CVE-2019-3825 https://access.redhat.com/security/cve/CVE-2019-3843 https://access.redhat.com/security/cve/CVE-2019-3844 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5436 https://access.redhat.com/security/cve/CVE-2019-5481 https://access.redhat.com/security/cve/CVE-2019-5482 https://access.redhat.com/security/cve/CVE-2019-5953 https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-6454 https://access.redhat.com/security/cve/CVE-2019-6706 https://access.redhat.com/security/cve/CVE-2019-7146 https://access.redhat.com/security/cve/CVE-2019-7149 https://access.redhat.com/security/cve/CVE-2019-7150 https://access.redhat.com/security/cve/CVE-2019-7664 https://access.redhat.com/security/cve/CVE-2019-7665 https://access.redhat.com/security/cve/CVE-2019-8457 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8518 https://access.redhat.com/security/cve/CVE-2019-8523 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8675 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8696 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2019-11236 https://access.redhat.com/security/cve/CVE-2019-11324 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2019-11459 https://access.redhat.com/security/cve/CVE-2019-12447 https://access.redhat.com/security/cve/CVE-2019-12448 https://access.redhat.com/security/cve/CVE-2019-12449 https://access.redhat.com/security/cve/CVE-2019-12450 https://access.redhat.com/security/cve/CVE-2019-12795 https://access.redhat.com/security/cve/CVE-2019-13232 https://access.redhat.com/security/cve/CVE-2019-13636 https://access.redhat.com/security/cve/CVE-2019-13752 https://access.redhat.com/security/cve/CVE-2019-13753 https://access.redhat.com/security/cve/CVE-2019-14822 https://access.redhat.com/security/cve/CVE-2019-14973 https://access.redhat.com/security/cve/CVE-2019-15718 https://access.redhat.com/security/cve/CVE-2019-15847 https://access.redhat.com/security/cve/CVE-2019-16056 https://access.redhat.com/security/cve/CVE-2019-16769 https://access.redhat.com/security/cve/CVE-2019-17451 https://access.redhat.com/security/cve/CVE-2019-18408 https://access.redhat.com/security/cve/CVE-2019-19126 https://access.redhat.com/security/cve/CVE-2019-19923 https://access.redhat.com/security/cve/CVE-2019-19924 https://access.redhat.com/security/cve/CVE-2019-19925 https://access.redhat.com/security/cve/CVE-2019-19959 https://access.redhat.com/security/cve/CVE-2019-1010180 https://access.redhat.com/security/cve/CVE-2019-1010204 https://access.redhat.com/security/cve/CVE-2020-1712 https://access.redhat.com/security/cve/CVE-2020-7013 https://access.redhat.com/security/cve/CVE-2020-7598 https://access.redhat.com/security/cve/CVE-2020-7662 https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-9283 https://access.redhat.com/security/cve/CVE-2020-10531 https://access.redhat.com/security/cve/CVE-2020-10715 https://access.redhat.com/security/cve/CVE-2020-10743 https://access.redhat.com/security/cve/CVE-2020-11008 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-11110 https://access.redhat.com/security/cve/CVE-2020-12049 https://access.redhat.com/security/cve/CVE-2020-12052 https://access.redhat.com/security/cve/CVE-2020-12245 https://access.redhat.com/security/cve/CVE-2020-13822 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14336 https://access.redhat.com/security/cve/CVE-2020-15366 https://access.redhat.com/security/cve/CVE-2020-15719 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-3-25-3 tvOS 12.2 tvOS 12.2 is now available and addresses the following: CFString Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc. configd Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36) CoreCrypto Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher file Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher Foundation Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero GeoServices Available for: Apple TV 4K and Apple TV (4th generation) Impact: Clicking a malicious SMS link may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2019-8553: an anonymous researcher iAP Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher IOHIDFamily Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6) Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG Power Management Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com) Siri Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest TrueTypeScaler Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8558: Samuel Groß of Google Project Zero CVE-2019-8559: Apple CVE-2019-8563: Apple WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8515: James Lee (@Windowsrcer) WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8506: Samuel Groß of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious website may be able to execute scripts in the context of another website Description: A logic issue was addressed with improved validation. CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team XPC Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs Additional recognition Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Safari We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance. WebKit We would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZM7gpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EWyBAA nFUeN7oBBPCdezabzgIAh29Mk1K+tgNeH0BIkyyPuoqeYd5UQK9cwZJ7Ww9J7uqB nAH30awuCq8r8h3oLLOn8X9A/ORNxFKUZRF+8AbH00G0taATIFjseSwGwGz5/rG7 aPoi/Mh4ilWh8luQJVvPO7KTHTeJLSsiBOuvqUmDaJVxu1y10inVW3j1s8RtrOVt BR+PZq7/BQ9wsSPxRS2bTQp3BX3m3aleadnZ9HkeXVB/9O8c5TrG6HIgfBNYMJFY mGpQoCM1nCh8jaWmoO1gjP7B0W2DKPhE6jFmCtuRsmnOG3ROhGbXi6T6AOOI9EX3 233FgygUVZgs7t4dhz0UZ1EczQiQ4dL0YYL7J/LYMjaM31qul2cdJWTPb9ZFARFt PHeyU1uHcJ2j67kGt1qepETUfWNa4W/RD3wUmKJdKBED65xOuwv9ijnEcAhzwh4F q6UefOTf1PwszuzWpAi7rCyOWq3TqDF+r6som9j5q15fMPx+TakBA6/TKViWLRw1 ydoi3g2OkKpvgapzBdVAm9Rtcvr4B0uXtLUXL7heB6TP12UheSum817QQiLs4aqV 9syBL5XpFOJUdQPD0SMIzuhvaN2dugH2wc1BDeiv5H8nYvMx6oiebJN8CgJ3uo8Y iJBethq6bdDVq8EfYN6vHCjH7bTFtcaCVgXWq5KJYp8= =8uDf -----END PGP SIGNATURE-----= . ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002 ------------------------------------------------------------------------ Date reported : April 10, 2019 Advisory ID : WSA-2019-0002 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0002.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0002.html CVE identifiers : CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-6201 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to dwfault working with ADLab of Venustech. CVE-2019-6251 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Dhiraj. CVE-2019-7285 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to dwfault working at ADLab of Venustech. CVE-2019-7292 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team. CVE-2019-8503 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to Linus S\xe4rud of Detectify. CVE-2019-8506 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8515 Versions affected: WebKitGTK before 2.22.6 and WPE WebKit before 2.22.4. Credit to James Lee, @Windowsrcer. A cross-origin issue existed with the fetch API. CVE-2019-8518 Versions affected: WebKitGTK before 2.22.7 and WPE WebKit before 2.22.5. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8523 Versions affected: WebKitGTK before 2.22.7 and WPE WebKit before 2.22.5. Credit to Apple. CVE-2019-8524 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8535 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Zhiyang Zeng, @Wester, of Tencent Blade Team. CVE-2019-8536 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Apple. CVE-2019-8544 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to an anonymous researcher. CVE-2019-8551 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Ryan Pickren, ryanpickren.com. CVE-2019-8558 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8559 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Apple. CVE-2019-8563 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Apple. CVE-2019-11070 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Igalia. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, April 10, 2019 |
| var-201105-0094 | The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. This vulnerability CVE-2011-0419 Vulnerability due to incomplete fix.Does not match wildcard pattern type by a third party URI Through service disruption ( infinite loop ) There is a possibility of being put into a state. Apache APR is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause excessive CPU usage, resulting in denial-of-service conditions. Apache APR 1.4.4 is affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: apr security update Advisory ID: RHSA-2011:0844-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0844.html Issue date: 2011-05-31 CVE Names: CVE-2011-1928 ===================================================================== 1. Summary: Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. (CVE-2011-1928) Note: This problem affected httpd configurations using the "Location" directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw. All apr users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the apr library, such as httpd, must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 706203 - CVE-2011-1928 apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm ia64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.ia64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.ia64.rpm apr-devel-0.9.4-26.el4.ia64.rpm ppc: apr-0.9.4-26.el4.ppc.rpm apr-0.9.4-26.el4.ppc64.rpm apr-debuginfo-0.9.4-26.el4.ppc.rpm apr-debuginfo-0.9.4-26.el4.ppc64.rpm apr-devel-0.9.4-26.el4.ppc.rpm s390: apr-0.9.4-26.el4.s390.rpm apr-debuginfo-0.9.4-26.el4.s390.rpm apr-devel-0.9.4-26.el4.s390.rpm s390x: apr-0.9.4-26.el4.s390.rpm apr-0.9.4-26.el4.s390x.rpm apr-debuginfo-0.9.4-26.el4.s390.rpm apr-debuginfo-0.9.4-26.el4.s390x.rpm apr-devel-0.9.4-26.el4.s390x.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm ia64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.ia64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.ia64.rpm apr-devel-0.9.4-26.el4.ia64.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm i386: apr-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-devel-0.9.4-26.el4.i386.rpm ia64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.ia64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.ia64.rpm apr-devel-0.9.4-26.el4.ia64.rpm x86_64: apr-0.9.4-26.el4.i386.rpm apr-0.9.4-26.el4.x86_64.rpm apr-debuginfo-0.9.4-26.el4.i386.rpm apr-debuginfo-0.9.4-26.el4.x86_64.rpm apr-devel-0.9.4-26.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm i386: apr-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-docs-1.2.7-11.el5_6.5.i386.rpm x86_64: apr-1.2.7-11.el5_6.5.i386.rpm apr-1.2.7-11.el5_6.5.x86_64.rpm apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm apr-docs-1.2.7-11.el5_6.5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm i386: apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-devel-1.2.7-11.el5_6.5.i386.rpm x86_64: apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm apr-devel-1.2.7-11.el5_6.5.i386.rpm apr-devel-1.2.7-11.el5_6.5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm i386: apr-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-devel-1.2.7-11.el5_6.5.i386.rpm apr-docs-1.2.7-11.el5_6.5.i386.rpm ia64: apr-1.2.7-11.el5_6.5.ia64.rpm apr-debuginfo-1.2.7-11.el5_6.5.ia64.rpm apr-devel-1.2.7-11.el5_6.5.ia64.rpm apr-docs-1.2.7-11.el5_6.5.ia64.rpm ppc: apr-1.2.7-11.el5_6.5.ppc.rpm apr-1.2.7-11.el5_6.5.ppc64.rpm apr-debuginfo-1.2.7-11.el5_6.5.ppc.rpm apr-debuginfo-1.2.7-11.el5_6.5.ppc64.rpm apr-devel-1.2.7-11.el5_6.5.ppc.rpm apr-devel-1.2.7-11.el5_6.5.ppc64.rpm apr-docs-1.2.7-11.el5_6.5.ppc.rpm s390x: apr-1.2.7-11.el5_6.5.s390.rpm apr-1.2.7-11.el5_6.5.s390x.rpm apr-debuginfo-1.2.7-11.el5_6.5.s390.rpm apr-debuginfo-1.2.7-11.el5_6.5.s390x.rpm apr-devel-1.2.7-11.el5_6.5.s390.rpm apr-devel-1.2.7-11.el5_6.5.s390x.rpm apr-docs-1.2.7-11.el5_6.5.s390x.rpm x86_64: apr-1.2.7-11.el5_6.5.i386.rpm apr-1.2.7-11.el5_6.5.x86_64.rpm apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm apr-devel-1.2.7-11.el5_6.5.i386.rpm apr-devel-1.2.7-11.el5_6.5.x86_64.rpm apr-docs-1.2.7-11.el5_6.5.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm i386: apr-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm x86_64: apr-1.3.9-3.el6_1.2.i686.rpm apr-1.3.9-3.el6_1.2.x86_64.rpm apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm i386: apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-devel-1.3.9-3.el6_1.2.i686.rpm x86_64: apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm apr-devel-1.3.9-3.el6_1.2.i686.rpm apr-devel-1.3.9-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm x86_64: apr-1.3.9-3.el6_1.2.i686.rpm apr-1.3.9-3.el6_1.2.x86_64.rpm apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm x86_64: apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm apr-devel-1.3.9-3.el6_1.2.i686.rpm apr-devel-1.3.9-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm i386: apr-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-devel-1.3.9-3.el6_1.2.i686.rpm ppc64: apr-1.3.9-3.el6_1.2.ppc.rpm apr-1.3.9-3.el6_1.2.ppc64.rpm apr-debuginfo-1.3.9-3.el6_1.2.ppc.rpm apr-debuginfo-1.3.9-3.el6_1.2.ppc64.rpm apr-devel-1.3.9-3.el6_1.2.ppc.rpm apr-devel-1.3.9-3.el6_1.2.ppc64.rpm s390x: apr-1.3.9-3.el6_1.2.s390.rpm apr-1.3.9-3.el6_1.2.s390x.rpm apr-debuginfo-1.3.9-3.el6_1.2.s390.rpm apr-debuginfo-1.3.9-3.el6_1.2.s390x.rpm apr-devel-1.3.9-3.el6_1.2.s390.rpm apr-devel-1.3.9-3.el6_1.2.s390x.rpm x86_64: apr-1.3.9-3.el6_1.2.i686.rpm apr-1.3.9-3.el6_1.2.x86_64.rpm apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm apr-devel-1.3.9-3.el6_1.2.i686.rpm apr-devel-1.3.9-3.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm i386: apr-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-devel-1.3.9-3.el6_1.2.i686.rpm x86_64: apr-1.3.9-3.el6_1.2.i686.rpm apr-1.3.9-3.el6_1.2.x86_64.rpm apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm apr-devel-1.3.9-3.el6_1.2.i686.rpm apr-devel-1.3.9-3.el6_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1928.html https://access.redhat.com/security/updates/classification/#low https://rhn.redhat.com/errata/RHSA-2011-0507.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN5RAiXlSAg2UNWIIRAuwdAJ9vddMlxPWoOqzsNz37JmvVmqSKfgCfchI5 R4u+hsr+KDZ1nnC2K8wCJ9c= =e0/T -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and database connections. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Portable Runtime users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1" All users of the APR Utility Library should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10" Packages which depend on these libraries may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2010-1623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623 [ 2 ] CVE-2011-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0419 [ 3 ] CVE-2011-1928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1928 [ 4 ] CVE-2012-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0840 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-24.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This update fixes this problem (CVE-2011-1928). If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. For the oldstable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny4. For the stable distribution (squeeze), this problem has been fixed in version 1.4.2-6+squeeze2. For the testing distribution (wheezy), this problem will be fixed in version 1.4.5-1. For the unstable distribution (sid), this problem will be fixed in version 1.4.5-1. We recommend that you upgrade your apr packages and restart the apache2 server. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03280632 Version: 2 HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-04-16 Last Updated: 2012-04-19 Potential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. References: CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192, CVE-2011-3267, CVE-2011-3268, CVE-2011-3207, CVE-2011-3210, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639, CVE-2011-3846, SSRT100376, CVE-2012-0135, SSRT100609, CVE-2012-1993, SSRT10043 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-0037 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0734 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-1623 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-2791 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-3436 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2010-4409 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0195 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1148 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1153 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1464 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1467 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-1468 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1471 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1938 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1945 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2011-2192 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-2202 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2011-2483 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3182 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3189 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-3267 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3268 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3348 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3639 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3846 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-0135 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2012-1993 (AV:L/AC:L/Au:S/C:P/I:P/A:N) 3.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com. The Hewlett-Packard Company thanks Silent Dream for reporting CVE-2012-0135 to security-alert@hp.com RESOLUTION HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. SMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html HISTORY Version:1 (rev.1) 16 April 2012 Initial release Version:2 (rev.2) 19 April 2012 Remove CVE-2011-4317 Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Packages for 2009.0 are provided as of the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. ========================================================================== Ubuntu Security Notice USN-1134-1 May 24, 2011 apache2, apr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS - Ubuntu 6.06 LTS Summary: A denial of service issue exists that affects the Apache web server. (CVE-2011-1928) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libapr1 1.4.2-7ubuntu2.1 Ubuntu 10.10: libapr1 1.4.2-3ubuntu1.1 Ubuntu 10.04 LTS: libapr1 1.3.8-1ubuntu0.3 Ubuntu 8.04 LTS: libapr1 1.2.11-1ubuntu0.2 Ubuntu 6.06 LTS: libapr0 2.0.55-4ubuntu2.13 After a standard system update you need to restart the Apache web server or any other service that depends on the APR library to make all the necessary changes |
| var-201210-0458 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. (DoS) An attack may be carried out. Oracle Java SE is prone to a remote code execution vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. An attacker can exploit this issue to execute arbitrary code in the context of the current user. This vulnerability affects the following supported versions: 7 Update 7, 6 Update 35. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:1392-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1392.html Issue date: 2012-10-18 CVE Names: CVE-2012-0547 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory and Oracle Security Alert pages, listed in the References section. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 37. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201) 856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606) 865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398) 865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535) 865354 - CVE-2012-5077 OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656) 865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884) 865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888) 865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522) 865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286) 865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917) 865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194) 865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296) 865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975) 865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103) 865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567) 865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919) 867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D) 867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment) 867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment) 867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX) 867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment) 867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0547.html https://www.redhat.com/security/data/cve/CVE-2012-1531.html https://www.redhat.com/security/data/cve/CVE-2012-1532.html https://www.redhat.com/security/data/cve/CVE-2012-1533.html https://www.redhat.com/security/data/cve/CVE-2012-3143.html https://www.redhat.com/security/data/cve/CVE-2012-3159.html https://www.redhat.com/security/data/cve/CVE-2012-3216.html https://www.redhat.com/security/data/cve/CVE-2012-4416.html https://www.redhat.com/security/data/cve/CVE-2012-5068.html https://www.redhat.com/security/data/cve/CVE-2012-5069.html https://www.redhat.com/security/data/cve/CVE-2012-5071.html https://www.redhat.com/security/data/cve/CVE-2012-5072.html https://www.redhat.com/security/data/cve/CVE-2012-5073.html https://www.redhat.com/security/data/cve/CVE-2012-5075.html https://www.redhat.com/security/data/cve/CVE-2012-5077.html https://www.redhat.com/security/data/cve/CVE-2012-5079.html https://www.redhat.com/security/data/cve/CVE-2012-5081.html https://www.redhat.com/security/data/cve/CVE-2012-5083.html https://www.redhat.com/security/data/cve/CVE-2012-5084.html https://www.redhat.com/security/data/cve/CVE-2012-5085.html https://www.redhat.com/security/data/cve/CVE-2012-5086.html https://www.redhat.com/security/data/cve/CVE-2012-5089.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQgDWiXlSAg2UNWIIRAqJaAJ9JgbhUTiBVnoxljsrFIdgNbno3bACgu3Yu 2L/xJjdCuObuBeSubEBbjpo= =p6Cl -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . OpenVMS Integrity JDK and JRE 6.0-3.p1 and earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03595351 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03595351 Version: 1 HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-12-12 Last Updated: 2012-12-12 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v7.0.03, v6.0.16 and v5.0.26 and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-1531 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1532 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1533 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3143 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3159 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-3216 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-4416 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5068 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-5069 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2012-5071 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5072 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5073 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5075 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5077 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-5079 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2012-5081 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-5083 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5084 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2012-5085 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 0.0 CVE-2012-5086 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5087 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5089 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 NOTE: The following apply to both v7.0.03 and v6.0.16 and earlier: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5089 NOTE: The following apply to v5.0.26 and earlier: CVE-2012-1531, CVE-2012-3143, CVE-2012-3216, CVE-2012-5069, CVE-2012-5071, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5089 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/java HP-UX B.11.23, B.11.31 JDK and JRE v7.0.04 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.17 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v5.0.27 or subsequent MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.04 or subsequent For Java v6.0 update to Java v6.0.17 or subsequent For Java v5.0 update to Java v5.0.27 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.04.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS action: install revision 1.5.0.27.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.27.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 12 December 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 |
| var-201012-0287 | Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. libxml2 Is XPath Service operation disruption due to inadequate handling (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) May result in a condition or other unclear effects. The 'libxml2' library is prone to a memory-corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a specially crafted XML file. A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or can cause a denial-of-service condition. NOTE: This issue was previously discussed in BID 45170 (Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities) but has been given its own record to better document it. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. Packages for 2009.0 are provided as of the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNG1vlmqjQ0CJFipgRAk8hAJ4wwNOcgIDPvZpECml6UDoJAh7FbACgu/e5 KLbVXnunIbjMTSm3GPo/LxQ= =xSaB -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . 6) - i386, x86_64 3. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. This update also fixes the following bugs: * A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. The desktop must be restarted (log out, then log back in) for this update to take effect. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libxml2: Multiple vulnerabilities Date: October 26, 2011 Bugs: #345555, #370715, #386985 ID: 201110-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in libxml2 which could lead to execution of arbitrary code or a Denial of Service. Background ========== libxml2 is the XML C parser and toolkit developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.7.8-r3 >= 2.7.8-r3 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r3" References ========== [ 1 ] CVE-2010-4008 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4008 [ 2 ] CVE-2010-4494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4494 [ 3 ] CVE-2011-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1944 [ 4 ] CVE-2011-2821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2821 [ 5 ] CVE-2011-2834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-26.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Relevant releases ESX 5.0 without patch ESXi500-201207101-SG 3. Problem Description a. ESXi update to third party component libxml2 The libxml2 third party library has been updated which addresses multiple security issues The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========== ======== ======== ================= vCenter any Windows not affected hosted * any any not affected ESXi 5.0 any ESXi500-201207101-SG ESXi 4.1 any patch pending ESXi 4.0 any patch pending ESXi 3.5 any patch pending ESX any any not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. Note: "patch pending" means that the product is affected, but no patch is currently available. The advisory will be updated when a patch is available. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 5.0 -------- ESXi500-201207001 md5sum: 01196c5c1635756ff177c262cb69a848 sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86 http://kb.vmware.com/kb/2020571 ESXi500-201207001 contains ESXi500-201207101-SG 5. Change log 2012-07-12 VMSA-2012-0012 Initial security advisory in conjunction with the release of a patch for ESXi 5.0 on 2012-07-12. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04135307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04135307 Version: 1 HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-03-10 Last Updated: 2014-03-10 Potential Security Impact: Multiple remote vulnerabilities affecting confidentiality, integrity and availability Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment. The vulnerabilities could be exploited remotely affecting confidentiality, integrity and availability. References: CVE-2010-4008 CVE-2010-4494 CVE-2011-2182 CVE-2011-2213 CVE-2011-2492 CVE-2011-2518 CVE-2011-2689 CVE-2011-2723 CVE-2011-3188 CVE-2011-4077 CVE-2011-4110 CVE-2012-0058 CVE-2012-0879 CVE-2012-1088 CVE-2012-1179 CVE-2012-2137 CVE-2012-2313 CVE-2012-2372 CVE-2012-2373 CVE-2012-2375 CVE-2012-2383 CVE-2012-2384 CVE-2013-6205 CVE-2013-6206 SSRT101443 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Rapid Deployment Pack (RDP) -- All versions HP Insight Control Server Deployment -- All versions BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-6205 (AV:L/AC:M/Au:S/C:P/I:P/A:P) 4.1 CVE-2013-6206 (AV:N/AC:L/Au:N/C:C/I:P/A:P) 9.0 CVE-2010-4008 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-4494 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-2182 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2011-2213 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2011-2492 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9 CVE-2011-2518 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2011-2689 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2011-2723 (AV:A/AC:M/Au:N/C:N/I:N/A:C) 5.7 CVE-2011-3188 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-4077 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2011-4110 (AV:L/AC:L/Au:N/C:N/I:N/A:P) 2.1 CVE-2012-0058 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2012-0879 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2012-1088 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2012-1179 (AV:A/AC:M/Au:S/C:N/I:N/A:C) 5.2 CVE-2012-2137 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-2313 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2012-2372 (AV:L/AC:M/Au:S/C:N/I:N/A:C) 4.4 CVE-2012-2373 (AV:L/AC:H/Au:N/C:N/I:N/A:C) 4.0 CVE-2012-2375 (AV:A/AC:H/Au:N/C:N/I:N/A:C) 4.6 CVE-2012-2383 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2012-2384 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP recommends that HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment should only be run on private secure networks to prevent the risk of security compromise. HISTORY Version:1 (rev.1) - 10 March 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mingw32-libxml2 security update Advisory ID: RHSA-2013:0217-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html Issue date: 2013-01-31 CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134 ===================================================================== 1. Summary: Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 665963 - CVE-2010-4494 libxml2: double-free in XPath processing code 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS 822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2010-4494.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2821.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3102.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://www.redhat.com/security/data/cve/CVE-2012-0841.html https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRCujqXlSAg2UNWIIRAq0HAJ41YXDqlCpJkg97YuQmaF2MqKDIpACgn5j7 sLTqWGtUMTYIUvLH8YXGFX4= =rOjB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For the stable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny3. For the upcoming stable distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-2 |
| var-202004-0983 | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. Apache CXF There is an information leakage vulnerability in.Information may be obtained. Apache CXF is an open source Web service framework of the Apache Software Foundation. The framework supports a variety of Web service standards, a variety of front-end programming API and so on. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8 Advisory ID: RHSA-2020:4245-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:4245 Issue date: 2020-10-13 CVE Names: CVE-2020-1954 CVE-2020-14299 CVE-2020-14338 CVE-2020-14340 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299) * wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338) * xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340) * cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1848533 - CVE-2020-14299 picketbox: JBoss EAP reload to admin-only mode allows authentication bypass 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-19379 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.17 to 5.3.18 JBEAP-19444 - Tracker bug for the EAP 7.3.3 release for RHEL-8 JBEAP-19596 - [GSS](7.3.z) CMTOOL-277 - Migration from EAP 6.4 Update 22 to EAP 7.3 create a misspelled 'Application Realm' JBEAP-19613 - (7.3.z) ELY-1975 - Update AcmeClientSpi#obtainCertificate so that it obtains the order URL from the response to newOrder JBEAP-19615 - (7.3.z) ELY-1968 - Update error message returned by AcmeClientSpi#getLocation JBEAP-19642 - (7.3.z) Upgrade jberet-core from 1.3.5.Final to 1.3.7.Final JBEAP-19695 - [GSS](7.3.z) Upgrade Apache CXF from 3.3.5 to 3.3.7 JBEAP-19698 - [GSS](7.3.z) Upgrade Invocation from 1.5.2.Final-redhat-00001 to 1.5.3.Final... JBEAP-19700 - [GSS](7.3.z) Upgrade Migration Tool from 1.7.1-redhat-00003 to 1.7.2-redhat-00001 JBEAP-19701 - [GSS](7.3.z) Upgrade jgroups from 4.1.4.Final-redhat-00001 to 4.1.10.Final-redhat-00001 JBEAP-19715 - [GSS](7.3.z) Upgrade Artemis Native to 1.0.2 JBEAP-19746 - [GSS](7.3.z) Upgrade JBoss Log Manager from 2.1.15 to 2.1.17 JBEAP-19789 - [GSS](7.3.z) Upgrade Narayana from 5.9.8.Final to 5.9.9.Final JBEAP-19791 - [GSS](7.3.z) Upgrade HAL from 3.2.9.Final-redhat-00001 to 3.2.10.Final-redhat-00001 JBEAP-19795 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP11-redhat-00001 to 2.3.9.SP12-redhat-00001 JBEAP-19796 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00010 to 2.9.0.redhat-00011 JBEAP-19822 - (7.3.z) Upgrade MP fault-tolerance to 2.1.1 JBEAP-19888 - (7.3.z) Upgrade SmallRye OpenAPI to 1.1.23 JBEAP-19934 - (7.3.z) Upgrade bouncycastle to 1.65 JBEAP-19935 - (7.3.z) Upgrade commons-codec to 1.14 JBEAP-19936 - (7.3.z) Upgrade commons-lang3 from 3.9 to 3.10 JBEAP-19937 - (7.3.z) Upgrade snakeyaml to 1.26 JBEAP-19938 - (7.3.z) Upgrade velocity to 2.2 JBEAP-19939 - (7.3.z) Upgrade httpcomponents httpclient from 4.5.4 to 4.5.12 JBEAP-19940 - (7.3.z) Upgrade httpcomponents httpcore from 4.4.5 to 4.4.13 JBEAP-19942 - (7.3.z) Upgrade XNIO from 3.7.8.SP1 to 3.7.9.Final JBEAP-19955 - (7.3.z) Update xmlschema to 2.2.5 JBEAP-19965 - (7.3.z) Fix PreservePathTestCase after httpclient upgrade JBEAP-20027 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00012 to 2.5.5.SP12-redhat-00013 JBEAP-20037 - [GSS](7.3.z) Upgrade wildfly-transaction-client from 1.1.11.Final-redhat-00001 to 1.1.13.Final-redhat-00001 JBEAP-20064 - (7.3.z) Update PR template to include PR-processor hints for wildfly-core-eap JBEAP-20087 - [GSS](7.3.z) WFLY-13147 - Deployment slowdown after WFLY upgrade (DeploymentArchive handling) JBEAP-20112 - (7.3.z) Upgrade smallrye-fault-tolerance to 4.2.1 7. Package List: Red Hat JBoss EAP 7.3 for BaseOS-8: Source: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.src.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-artemis-native-1.0.2-3.redhat_1.el8eap.src.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.src.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.src.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.src.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.src.rpm noarch: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-mail-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-pkix-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-prov-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.noarch.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.noarch.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jberet-core-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-velocity-engine-core-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.noarch.rpm x86_64: eap7-artemis-native-1.0.2-3.redhat_1.el8eap.x86_64.rpm eap7-artemis-native-wildfly-1.0.2-3.redhat_1.el8eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2020-1954 https://access.redhat.com/security/cve/CVE-2020-14299 https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-14340 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX4XdnNzjgjWX9erEAQiXuw//R4g+s6n+rk7hCp48kUecgr/5ci5EP6UM 7BsPN7sPZcLyYiZZsP+/6hHbB/dkfUyL8zJMQBQHHcwjhFkI9diYjraI2/K2BTo8 Fb/JEJoCmDs88/LUUpMebq7SSulBWhtfKYwCCOGy6pCpRAka99nzFXGr1y4H1ozJ berY8tq9PVJLJyuKGyoK+06fENIV2b/Oir68lSGrTMJVQeqb9TclI1pRIZ/8iZNh OQOnXk85y81YrQTlynAlBnlMCtSNEFMBUi5b25Q30ZNxMaegYyezvlgs790hLZQA UUfjAdFsk341kK0uop93y9MnDT1qUiYNG1rJ5DBB0jzyq7zQk2GxwBYg3mhItMhi FBZ6oeePwEEq4Bxpd1vERDQQW+zCpd0jLJ4nvU1wFIQZK7eSBk6Lz4ws2XUHmuru yXCcJZWqkXzQwhYMSq3y1fVcTAl6HcWxoBuX1TU9AmZWKcUlHN9Lo6BF4fMEhXH/ UrQNC+mOnCAjJrD1sGyPlozMnZnu96fVMURTDdz4J9aN1JU1t0fb2MgD3X3VZWto ducjlQPeNTI1+elmaBxAS8A7a+UaN63QgjeCQfzjEky89Jvfv/Ra6i5R5x8LrrQf zMn1XyxOAefzehiV8SR801W8dE7D7RlF5y/TH0ciA/CIzUSNAbb4tDlGcSDPig+a PGc+57G5XO4=OgA5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Security Fix(es): * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * ant: insecure temporary file vulnerability (CVE-2020-1945) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875) * mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS 5. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications |
| var-200505-0353 | Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner.". An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Mac OS X Server is prone to a local security vulnerability. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA15227 VERIFY ADVISORY: http://secunia.com/advisories/15227/ CRITICAL: Highly critical IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. 1) A boundary error in htdigest can be exploited to cause a buffer overflow by passing an overly long realm argument. NOTE: htdigest is by default only locally accessible and not setuid / setgid. 2) An integer overflow error in the AppKit component when processing TIFF files can be exploited by malicious people to compromise a user's system. For more information: SA13607 3) An error in the AppKit component when parsing certain TIFF images can result in an invalid call to the "NXSeek()" function, which will crash an affected Cocoa application. 4) An error within the handling of AppleScript can be exploited to display code to a user that is different than the code, which will actually run. 5) An error in the Bluetooth support may cause Bluetooth-enabled systems to share files via the Bluetooth file exchange service without notifying the user properly. 6) An input validation error can be exploited to access arbitrary files on a Bluetooth-enabled system using directory traversal attacks via the Bluetooth file and object exchange services. 8) A vulnerability in Finder can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges due to insecure creation of ".DS_Store" files. For more information: SA14188 9) A boundary error within the Foundation framework when handling environment variables can be exploited to cause a buffer overflow and may allow execution of arbitrary code. 10) An error in Help Viewer can be exploited to run JavaScript without the normally imposed security restrictions. 11) A security issue in the LDAP functionality may under certain circumstances result in passwords initially being stored in plain text. 12) Errors within the parsing of XPM files can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA12549 13) An error in lukemftpd can be exploited by malicious users to bypass chroot restrictions. In order to restrict users to their home directory, both their full name and short name must be listed in the "/etc/ftpchroot" file. However, the problem is that users can change their full name and thereby bypass this restriction. 14) A boundary error in the Netinfo Setup Tool (NeST) when processing input passed to the "-target" command line parameter can be exploited by malicious, local users to cause a buffer overflow and execute arbitrary code with escalated privileges on a vulnerable system. 15) When enabling the HTTP proxy service in Server Admin, it is by default possible for everyone (including users on the Internet) to use the proxy service. 16) A vulnerability in sudo within the environment clearing can be exploited by malicious, local users to gain escalated privileges. For more information: SA13199 17) An error in the Terminal utility can be exploited to inject data via malicious input containing escape sequences in window titles. 18) An error in the Terminal utility can be exploited to inject commands into a user's Terminal session via malicious input containing escape characters in x-man-path URIs. SOLUTION: Apply Security Update 2005-005. Security Update 2005-005 (Client): http://www.apple.com/support/downloads/securityupdate2005005client.html Security Update 2005-005 (Server): http://www.apple.com/support/downloads/securityupdate2005005server.html PROVIDED AND/OR DISCOVERED BY: 1) JxT 3) Henrik Dalgaard 4) David Remahl 5) Kevin Finisterre, digitalmunition.com. 6) Kevin Finisterre, digitalmunition.com. 10) David Remahl 13) Rob Griffiths 14) Nico 17) David Remahl 18) David Remahl 19) Pieter de Boer ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=301528 David Remahl: http://remahl.se/david/vuln/004/ http://remahl.se/david/vuln/010/ http://remahl.se/david/vuln/011/ http://remahl.se/david/vuln/012/ digitalmunition.com: http://www.digitalmunition.com/DMA[2005-0502a].txt iDEFENSE: http://www.idefense.com/application/poi/display?id=239&type=vulnerabilities OTHER REFERENCES: SA12549: http://secunia.com/advisories/12549/ SA13199: http://secunia.com/advisories/13199/ SA13607: http://secunia.com/advisories/13607/ SA14188: http://secunia.com/advisories/14188/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- |
| var-201605-0133 | The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. PHP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community; Fileinfo is one of them used to display file attributes and support batch modification of its Components of properties. The vulnerability stems from the fact that the program does not correctly handle continuation-level jumps. The following versions are affected: PHP prior to 5.5.34, 5.6.x prior to 5.6.20, 7.x prior to 7.0.5, and prior to file 5.23. ============================================================================ Ubuntu Security Notice USN-2984-1 May 24, 2016 php5, php7.0 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in PHP. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865) Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078) It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132) It was discovered that the PHP rawurlencode() function incorrectly handled large strings. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070) It was discovered that the PHP php_snmp_error() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071) It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072) It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073) It was discovered that the PHP phar extension incorrectly handled certain archive files. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343) It was discovered that the PHP bcpowmod() function incorrectly handled memory. (CVE-2016-4537, CVE-2016-4538) It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. (CVE-2016-4539) It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. (CVE-2016-4540, CVE-2016-4541) It was discovered that PHP incorrectly handled certain malformed EXIF tags. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.4-7ubuntu2.1 php7.0-cgi 7.0.4-7ubuntu2.1 php7.0-cli 7.0.4-7ubuntu2.1 php7.0-fpm 7.0.4-7ubuntu2.1 Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.4 php5-cgi 5.6.11+dfsg-1ubuntu3.4 php5-cli 5.6.11+dfsg-1ubuntu3.4 php5-fpm 5.6.11+dfsg-1ubuntu3.4 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 php5-cgi 5.5.9+dfsg-1ubuntu4.17 php5-cli 5.5.9+dfsg-1ubuntu4.17 php5-fpm 5.5.9+dfsg-1ubuntu4.17 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.23 php5-cgi 5.3.10-1ubuntu3.23 php5-cli 5.3.10-1ubuntu3.23 php5-fpm 5.3.10-1ubuntu3.23 In general, a standard system update will make all the necessary changes. Software Description: - file: Tool to determine file types Details: USN-3686-1 fixed a vulnerability in file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php56 security, bug fix, and enhancement update Advisory ID: RHSA-2016:2750-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2750.html Issue date: 2016-11-15 CVE Names: CVE-2013-7456 CVE-2014-9767 CVE-2015-2325 CVE-2015-2326 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8381 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8388 CVE-2015-8391 CVE-2015-8392 CVE-2015-8395 CVE-2015-8835 CVE-2015-8865 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2016-1903 CVE-2016-2554 CVE-2016-3074 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4342 CVE-2016-4343 CVE-2016-4473 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2016-5114 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 ===================================================================== 1. Summary: An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401) Security Fixes in the rh-php56-php component: * Several Moderate and Low impact security issues were found in PHP. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132) * Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395) Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1207198 - CVE-2015-2325 pcre: heap buffer overflow in compile_branch() 1207202 - CVE-2015-2326 pcre: heap buffer over-read in pcre_compile2() (8.37/23) 1228283 - CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11) 1237223 - CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18) 1260716 - CVE-2014-9767 php: ZipArchive::extractTo allows for directory traversal when creating directories 1285399 - CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20) 1285408 - CVE-2015-2327 pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19) 1287614 - CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3) 1287623 - CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4) 1287629 - CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30) 1287636 - CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6) 1287671 - CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16) 1287690 - CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27) 1287711 - CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36) 1297710 - CVE-2016-5114 php: out-of-bounds write in fpm_log.c 1297717 - CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated 1305536 - CVE-2016-4342 php: use of uninitialized pointer in PharFileInfo::getContent 1305543 - CVE-2016-2554 php: buffer overflow in handling of long link names in tar phar archives 1315312 - CVE-2016-3142 php: Out-of-bounds read in phar_parse_zipfile() 1315328 - CVE-2016-3141 php: Use after free in WDDX Deserialize when processing XML data 1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd 1323074 - CVE-2015-8835 php: type confusion issue in Soap Client call() method 1323103 - CVE-2016-4073 php: Negative size parameter in memcpy 1323106 - CVE-2016-4072 php: Invalid memory write in phar on filename containing \0 inside name 1323108 - CVE-2016-4071 php: Format string vulnerability in php_snmp_error() 1323114 - CVE-2016-4070 php: Integer overflow in php_raw_url_encode 1323118 - CVE-2015-8865 file: Buffer over-write in finfo_open with malformed magic file 1330418 - CVE-2015-8866 php: libxml_disable_entity_loader setting is shared between threads 1330420 - CVE-2015-8867 php: openssl_random_pseudo_bytes() is not cryptographically secure 1332454 - CVE-2016-4343 php: Uninitialized pointer in phar_make_dirstream() 1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition 1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input 1332872 - CVE-2016-4540 CVE-2016-4541 php: OOB read in grapheme_stripos and grapheme_strpos when negative offset is used 1332877 - CVE-2016-4539 php: xml_parse_into_struct() can crash when XML parser is re-used 1336772 - CVE-2015-8874 gd: gdImageFillToBorder deep recursion leading to stack overflow 1336775 - CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c 1338896 - CVE-2015-8876 php: Zend/zend_exceptions.c does not validate certain Exception objects 1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches 1338912 - CVE-2015-8879 php: odbc_bindcols function mishandles driver behavior for SQL_WVARCHAR columns 1339590 - CVE-2016-5093 php: improper nul termination leading to out-of-bounds read in get_icu_value_internal 1339949 - CVE-2016-5096 php: Integer underflow causing arbitrary null write in fread/gzread 1340433 - CVE-2013-7456 gd: incorrect boundary adjustment in _gdContributionsCalc 1340738 - CVE-2016-5094 php: Integer overflow in php_html_entities() 1347772 - CVE-2016-4473 php: Invalid free() instead of efree() in phar_extract_file() 1351068 - CVE-2016-5766 gd: Integer Overflow in _gd2GetHeader() resulting in heap overflow 1351069 - CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow 1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec 1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread 1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize 1351179 - CVE-2016-5773 php: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize 1351603 - CVE-2016-6128 gd: Invalid color index not properly handled 1358395 - CVE-2016-5399 php: Improper error handling in bzread() 1359698 - CVE-2016-6289 php: Integer overflow leads to buffer overflow in virtual_file_ex 1359710 - CVE-2016-6290 php: Use after free in unserialize() with Unexpected Session Deserialization 1359718 - CVE-2016-6291 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE 1359756 - CVE-2016-6292 php: Null pointer dereference in exif_process_user_comment 1359800 - CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc() 1359811 - CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http 1359815 - CVE-2016-6295 php: Use after free in SNMP with GC and unserialize() 1359822 - CVE-2016-6296 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c 1359828 - CVE-2016-6297 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener 1360322 - CVE-2016-6288 php: Buffer over-read in php_url_parse_ex 1374697 - CVE-2016-7124 php: bypass __wakeup() in deserialization of an unexpected object 1374698 - CVE-2016-7125 php: Session Data Injection Vulnerability 1374699 - CVE-2016-7126 php: select_colors write out-of-bounds 1374701 - CVE-2016-7127 php: imagegammacorrect allows arbitrary write access 1374704 - CVE-2016-7128 php: Memory Leakage In exif_process_IFD_in_TIFF 1374705 - CVE-2016-7129 php: wddx_deserialize allows illegal memory access 1374707 - CVE-2016-7130 php: wddx_deserialize null dereference 1374708 - CVE-2016-7131 php: wddx_deserialize null dereference with invalid xml 1374711 - CVE-2016-7132 php: wddx_deserialize null dereference in php_wddx_pop_element 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-php56-2.3-1.el6.src.rpm rh-php56-php-5.6.25-1.el6.src.rpm rh-php56-php-pear-1.9.5-4.el6.src.rpm noarch: rh-php56-php-pear-1.9.5-4.el6.noarch.rpm x86_64: rh-php56-2.3-1.el6.x86_64.rpm rh-php56-php-5.6.25-1.el6.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el6.x86_64.rpm rh-php56-php-cli-5.6.25-1.el6.x86_64.rpm rh-php56-php-common-5.6.25-1.el6.x86_64.rpm rh-php56-php-dba-5.6.25-1.el6.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el6.x86_64.rpm rh-php56-php-devel-5.6.25-1.el6.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el6.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el6.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el6.x86_64.rpm rh-php56-php-gd-5.6.25-1.el6.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-imap-5.6.25-1.el6.x86_64.rpm rh-php56-php-intl-5.6.25-1.el6.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el6.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el6.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el6.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el6.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el6.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el6.x86_64.rpm rh-php56-php-process-5.6.25-1.el6.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el6.x86_64.rpm rh-php56-php-recode-5.6.25-1.el6.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el6.x86_64.rpm rh-php56-php-soap-5.6.25-1.el6.x86_64.rpm rh-php56-php-tidy-5.6.25-1.el6.x86_64.rpm rh-php56-php-xml-5.6.25-1.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el6.x86_64.rpm rh-php56-runtime-2.3-1.el6.x86_64.rpm rh-php56-scldevel-2.3-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php56-2.3-1.el7.src.rpm rh-php56-php-5.6.25-1.el7.src.rpm rh-php56-php-pear-1.9.5-4.el7.src.rpm noarch: rh-php56-php-pear-1.9.5-4.el7.noarch.rpm x86_64: rh-php56-2.3-1.el7.x86_64.rpm rh-php56-php-5.6.25-1.el7.x86_64.rpm rh-php56-php-bcmath-5.6.25-1.el7.x86_64.rpm rh-php56-php-cli-5.6.25-1.el7.x86_64.rpm rh-php56-php-common-5.6.25-1.el7.x86_64.rpm rh-php56-php-dba-5.6.25-1.el7.x86_64.rpm rh-php56-php-dbg-5.6.25-1.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.25-1.el7.x86_64.rpm rh-php56-php-devel-5.6.25-1.el7.x86_64.rpm rh-php56-php-embedded-5.6.25-1.el7.x86_64.rpm rh-php56-php-enchant-5.6.25-1.el7.x86_64.rpm rh-php56-php-fpm-5.6.25-1.el7.x86_64.rpm rh-php56-php-gd-5.6.25-1.el7.x86_64.rpm rh-php56-php-gmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-intl-5.6.25-1.el7.x86_64.rpm rh-php56-php-ldap-5.6.25-1.el7.x86_64.rpm rh-php56-php-mbstring-5.6.25-1.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.25-1.el7.x86_64.rpm rh-php56-php-odbc-5.6.25-1.el7.x86_64.rpm rh-php56-php-opcache-5.6.25-1.el7.x86_64.rpm rh-php56-php-pdo-5.6.25-1.el7.x86_64.rpm rh-php56-php-pgsql-5.6.25-1.el7.x86_64.rpm rh-php56-php-process-5.6.25-1.el7.x86_64.rpm rh-php56-php-pspell-5.6.25-1.el7.x86_64.rpm rh-php56-php-recode-5.6.25-1.el7.x86_64.rpm rh-php56-php-snmp-5.6.25-1.el7.x86_64.rpm rh-php56-php-soap-5.6.25-1.el7.x86_64.rpm rh-php56-php-xml-5.6.25-1.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.25-1.el7.x86_64.rpm rh-php56-runtime-2.3-1.el7.x86_64.rpm rh-php56-scldevel-2.3-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-7456 https://access.redhat.com/security/cve/CVE-2014-9767 https://access.redhat.com/security/cve/CVE-2015-2325 https://access.redhat.com/security/cve/CVE-2015-2326 https://access.redhat.com/security/cve/CVE-2015-2327 https://access.redhat.com/security/cve/CVE-2015-2328 https://access.redhat.com/security/cve/CVE-2015-3210 https://access.redhat.com/security/cve/CVE-2015-3217 https://access.redhat.com/security/cve/CVE-2015-5073 https://access.redhat.com/security/cve/CVE-2015-8381 https://access.redhat.com/security/cve/CVE-2015-8383 https://access.redhat.com/security/cve/CVE-2015-8384 https://access.redhat.com/security/cve/CVE-2015-8385 https://access.redhat.com/security/cve/CVE-2015-8386 https://access.redhat.com/security/cve/CVE-2015-8388 https://access.redhat.com/security/cve/CVE-2015-8391 https://access.redhat.com/security/cve/CVE-2015-8392 https://access.redhat.com/security/cve/CVE-2015-8395 https://access.redhat.com/security/cve/CVE-2015-8835 https://access.redhat.com/security/cve/CVE-2015-8865 https://access.redhat.com/security/cve/CVE-2015-8866 https://access.redhat.com/security/cve/CVE-2015-8867 https://access.redhat.com/security/cve/CVE-2015-8873 https://access.redhat.com/security/cve/CVE-2015-8874 https://access.redhat.com/security/cve/CVE-2015-8876 https://access.redhat.com/security/cve/CVE-2015-8877 https://access.redhat.com/security/cve/CVE-2015-8879 https://access.redhat.com/security/cve/CVE-2016-1903 https://access.redhat.com/security/cve/CVE-2016-2554 https://access.redhat.com/security/cve/CVE-2016-3074 https://access.redhat.com/security/cve/CVE-2016-3141 https://access.redhat.com/security/cve/CVE-2016-3142 https://access.redhat.com/security/cve/CVE-2016-4070 https://access.redhat.com/security/cve/CVE-2016-4071 https://access.redhat.com/security/cve/CVE-2016-4072 https://access.redhat.com/security/cve/CVE-2016-4073 https://access.redhat.com/security/cve/CVE-2016-4342 https://access.redhat.com/security/cve/CVE-2016-4343 https://access.redhat.com/security/cve/CVE-2016-4473 https://access.redhat.com/security/cve/CVE-2016-4537 https://access.redhat.com/security/cve/CVE-2016-4538 https://access.redhat.com/security/cve/CVE-2016-4539 https://access.redhat.com/security/cve/CVE-2016-4540 https://access.redhat.com/security/cve/CVE-2016-4541 https://access.redhat.com/security/cve/CVE-2016-4542 https://access.redhat.com/security/cve/CVE-2016-4543 https://access.redhat.com/security/cve/CVE-2016-4544 https://access.redhat.com/security/cve/CVE-2016-5093 https://access.redhat.com/security/cve/CVE-2016-5094 https://access.redhat.com/security/cve/CVE-2016-5096 https://access.redhat.com/security/cve/CVE-2016-5114 https://access.redhat.com/security/cve/CVE-2016-5399 https://access.redhat.com/security/cve/CVE-2016-5766 https://access.redhat.com/security/cve/CVE-2016-5767 https://access.redhat.com/security/cve/CVE-2016-5768 https://access.redhat.com/security/cve/CVE-2016-5770 https://access.redhat.com/security/cve/CVE-2016-5771 https://access.redhat.com/security/cve/CVE-2016-5772 https://access.redhat.com/security/cve/CVE-2016-5773 https://access.redhat.com/security/cve/CVE-2016-6128 https://access.redhat.com/security/cve/CVE-2016-6207 https://access.redhat.com/security/cve/CVE-2016-6288 https://access.redhat.com/security/cve/CVE-2016-6289 https://access.redhat.com/security/cve/CVE-2016-6290 https://access.redhat.com/security/cve/CVE-2016-6291 https://access.redhat.com/security/cve/CVE-2016-6292 https://access.redhat.com/security/cve/CVE-2016-6294 https://access.redhat.com/security/cve/CVE-2016-6295 https://access.redhat.com/security/cve/CVE-2016-6296 https://access.redhat.com/security/cve/CVE-2016-6297 https://access.redhat.com/security/cve/CVE-2016-7124 https://access.redhat.com/security/cve/CVE-2016-7125 https://access.redhat.com/security/cve/CVE-2016-7126 https://access.redhat.com/security/cve/CVE-2016-7127 https://access.redhat.com/security/cve/CVE-2016-7128 https://access.redhat.com/security/cve/CVE-2016-7129 https://access.redhat.com/security/cve/CVE-2016-7130 https://access.redhat.com/security/cve/CVE-2016-7131 https://access.redhat.com/security/cve/CVE-2016-7132 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYKvj4XlSAg2UNWIIRAqg2AKCB6Jcysv4gkiktKAJA3gy+RKlAqwCeJpjs UCuj+0gWfBsWXOgFhgH0uL8= =FcPG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05240731 Version: 1 HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-08-19 Last Updated: 2016-08-19 Potential Security Impact: Local Denial of Service (DoS), Elevation of Privilege, Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Disclosure of Information, Unauthorized Modification Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. References: - CVE-2016-1238 - Perl Local Elevation of Privilege - CVE-2016-2381 - Perl Remote Unauthorized Modification - CVE-2014-4330 - Perl Local Denial of Service (DoS) **Note:** applies only for the H/J-series SPR. Fix was already provided in a previous L-series SPR. OSS Script Languages (T1203) T1203H01 through T1203H01^AAD, T1203L01 and T1203L01^AAC *Impacted releases:* - L15.02 - L15.08.00, L15.08.01 - L16.05.00 - J06.14 through J06.16.02 - J06.17.00, J06.17.01 - J06.18.00, J06.18.01 - J06.19.00, J06.19.01, J06.19.02 - J06.20.00 - H06.25 through H06.26.01 - H06.27.00, H06.27.01 - H06.28.00, H06.28.01 - H06.29.00, H06.29.01 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2013-7456 7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2014-4330 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P) CVE-2015-8383 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8386 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8387 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8389 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8390 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8391 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C) CVE-2015-8393 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2015-8394 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8607 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8853 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2015-8865 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-8874 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-1238 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C) CVE-2016-1903 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) CVE-2016-2381 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2016-2554 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-3074 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4070 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-4071 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4072 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4073 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4342 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C) CVE-2016-4343 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-4537 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4538 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4539 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4540 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4541 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4542 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4543 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4544 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5093 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5094 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5096 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5114 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) CVE-2016-5766 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5767 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-5768 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5769 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5770 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5771 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5772 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5773 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in NonStop Servers OSS Script Languages running Perl and PHP. Install one of the SPRs below as appropriate for the system's release version: + L-Series: * T1203L01^AAE (OSS Scripting Languages) - already available This SPR already is present in these RVUs: None This SPR is usable with the following RVUs: - L15.02 through L16.05.00 + H and J-Series: * T1203H01^AAF (OSS Scripting Languages) - already available This SPR already is present in these RVUs: None This SPR is usable with the following RVUs: - J06.14 through J06.20.00 - H06.25 through H06.29.01 **Note:** Please refer to *NonStop Hotstuff HS03333* for more information. HISTORY Version:1 (rev.1) - 19 August 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Background ========== file is a utility that guesses a file format by scanning binary data for patterns. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201611-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: November 30, 2016 Bugs: #578734, #581834, #584204, #587246, #591710, #594498, #597586, #599326 ID: 201611-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 5.6.28 >= 5.6.28 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28" References ========== [ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201611-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 |
| var-201911-1627 | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel The product contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security vulnerability exists in the Intel graphics hardware (GPU) due to the program's inadequate access controls. ========================================================================== Ubuntu Security Notice USN-4184-2 November 13, 2019 linux, linux-hwe, linux-oem-osp1 vulnerability and regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-hwe: Linux hardware enablement (HWE) kernel - linux-oem-osp1: Linux kernel for OEM processors Details: USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-36-generic 5.0.0-36.39 linux-image-5.0.0-36-generic-lpae 5.0.0-36.39 linux-image-5.0.0-36-lowlatency 5.0.0-36.39 linux-image-generic 5.0.0.36.38 linux-image-generic-lpae 5.0.0.36.38 linux-image-lowlatency 5.0.0.36.38 linux-image-virtual 5.0.0.36.38 Ubuntu 18.04 LTS: linux-image-5.0.0-1028-oem-osp1 5.0.0-1028.32 linux-image-5.0.0-36-generic 5.0.0-36.39~18.04.1 linux-image-5.0.0-36-generic-lpae 5.0.0-36.39~18.04.1 linux-image-5.0.0-36-lowlatency 5.0.0-36.39~18.04.1 linux-image-generic-hwe-18.04 5.0.0.36.94 linux-image-generic-lpae-hwe-18.04 5.0.0.36.94 linux-image-lowlatency-hwe-18.04 5.0.0.36.94 linux-image-oem-osp1 5.0.0.1028.32 linux-image-virtual-hwe-18.04 5.0.0.36.94 Please note that mitigating the TSX (CVE-2019-11135) and i915 (CVE-2019-0154) issues requires corresponding microcode and graphics firmware updates respectively. After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4184-2 https://usn.ubuntu.com/4184-1 CVE-2019-0155, https://bugs.launchpad.net/bugs/1851709, https://bugs.launchpad.net/bugs/1852141 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-36.39 https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-36.39~18.04.1 https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1028.32 . 7.3) - noarch, x86_64 3. CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables (EPT), a guest VM may manipulate the memory management hardware to cause a Machine Check Error (MCE) and denial of service (hang or crash). The guest triggers this error by changing page tables without a TLB flush, so that both 4 KB and 2 MB entries for the same virtual address are loaded into the instruction TLB (iTLB). This update implements a mitigation in KVM that prevents guest VMs from loading 2 MB entries into the iTLB. This will reduce performance of guest VMs. A qemu update adding support for the PSCHANGE_MC_NO feature, which allows to disable iTLB Multihit mitigations in nested hypervisors will be provided via DSA 4566-1. Intel's explanation of the issue can be found at <https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0>. CVE-2019-0154 Intel discovered that on their 8th and 9th generation GPUs, reading certain registers while the GPU is in a low-power state can cause a system hang. The affected chips (gen8 and gen9) are listed at <https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen8>. This update mitigates the issue by adding the security check to the i915 driver. The affected chips (gen9 onward) are listed at <https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen9>. CVE-2019-11135 It was discovered that on Intel CPUs supporting transactional memory (TSX), a transaction that is going to be aborted may continue to execute speculatively, reading sensitive data from internal buffers and leaking it through dependent operations. Intel calls this "TSX Asynchronous Abort" (TAA). For CPUs affected by the previously published Microarchitectural Data Sampling (MDS) issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091), the existing mitigation also mitigates this issue. For processors that are vulnerable to TAA but not MDS, this update disables TSX by default. This mitigation requires updated CPU microcode. An updated intel-microcode package (only available in Debian non-free) will be provided via DSA 4565-1. The updated CPU microcode may also be available as part of a system firmware ("BIOS") update. Intel's explanation of the issue can be found at <https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort>. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u2. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl3LBMVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RtSg//aBsENrrs5mbCKYxt6Lm1hVdxdmz+9TbgZkxU+lQ0XEfge4wQUCa8KhJh os4qGuDXh5q/2VkNMa+cUCyHCyxxl3qv4rCsm+MxG1Rd4Hy4JoKt4heJgi5hXW9A qhOQ5+rHb0OeoPM9BCduTi37h+mLS4ItRz30n3+3B2+VC0tj+iV2nOZJmC0WMEiq LrqeDm39pa6DqKBAExdYT/TCyKLsngMHoIGorWVPXdJP1/xmrH2gU0W3L7k5KJPz apeCi4E3H9bjRh8Be5SeT3zDoEaiiNn/sHHkLDeAryFMuwilekxFaYocbW/0CEIH kWRMkC+uq1KfQfBDSxIOsH8yq8n+zQ12XJ0YiiqEKg6ErabWz5rCaVHyPWvdh0Ny mezs99PkQ7mUkjAUVzIfz2Rq6VByOCdfuT/GvPL7rUtIJYRdqYkWBI8t/hVlrnDq yR+X7vQZWm5wb3+Jiz/sA6TqgDvKSgk1+tUfBmqI9sh1wWNKSSYee0b81BLLubs3 IInPlgW2Lp+IsA3CVKKQNTNMWZkuNyPZH2UGpZV45otazcLPrrdNtt52x4gvIJ/W lizVpb2BOpTpoeEXNYlEDCjwcrW9f1FkVztwMgz3J6eb9pHjieFuGO9vOxcP7li3 FNJbGhaUUZa8BfjsQgBwFSwVXRr212zK9yv0UHnLRJo4l0I3xC0=YZWL -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:3872-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3872 Issue date: 2019-11-13 CVE Names: CVE-2019-0155 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. 5. Bugs fixed (https://bugzilla.redhat.com/): 1724398 - CVE-2019-0155 hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm ppc64: bpftool-3.10.0-1062.4.3.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-3.10.0-1062.4.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.4.3.el7.ppc64.rpm kernel-devel-3.10.0-1062.4.3.el7.ppc64.rpm kernel-headers-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.ppc64.rpm perf-3.10.0-1062.4.3.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm python-perf-3.10.0-1062.4.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1062.4.3.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-devel-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-headers-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.ppc64le.rpm perf-3.10.0-1062.4.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm python-perf-3.10.0-1062.4.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm s390x: bpftool-3.10.0-1062.4.3.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-3.10.0-1062.4.3.el7.s390x.rpm kernel-debug-3.10.0-1062.4.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.4.3.el7.s390x.rpm kernel-devel-3.10.0-1062.4.3.el7.s390x.rpm kernel-headers-3.10.0-1062.4.3.el7.s390x.rpm kernel-kdump-3.10.0-1062.4.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.4.3.el7.s390x.rpm perf-3.10.0-1062.4.3.el7.s390x.rpm perf-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm python-perf-3.10.0-1062.4.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.s390x.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1062.4.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.3.el7.noarch.rpm kernel-doc-3.10.0-1062.4.3.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.3.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.3.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.3.el7.x86_64.rpm perf-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.3.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXcxRUNzjgjWX9erEAQi5Yg//WF/xcoOzOw9jzwdqE1SsG5n/lwSjyQS2 PFTfDJL21oGdbx0x1Z3j/RlNz5JHYQ6WVf3OQYkjet71edQrVRMy2/uJGtmHUIng dyBqZA6JBUkYxm/OqgxV+F5oH/px01dnIdKLus2Qb7p6CPJegTVz0++6U0MIUlPs d0Q08EqmBvSqznpsOA0DeQkt+Lxp29CqzkTv3f+aFdrRBoUYJkMRS3JPG0NBBo14 ZWMv1ifhikR5SRPDGYyeXaIhn/KrOJDMAkYeMhikV5YEnSdyYqePgVuE51GJjvmz 3X6zgvOWe6+XAH4jy+llCEDwpwLRbbDB6wY1llZzECEdT+Dpr0lg3cFDjVrv3y+6 w812DuXMwX/MbSSK1Vn+KHkpm2z/OM8zQw0fdpXTSd1sbuYjmlqnjlHibhiB9Xl3 sxUJ5cr91KdYAMFAV4n7n3KeAME0H+3dj8ukxEfAe4culu1hrO4SDYXmBx+QhijJ Yt/Io/sNU6Qybni7rc/lmwgRpKA/0ajLeDznnuhrCXcM5twfnRudbOYfQ6YZh2+Y WxiVuuNUN5BJAInozVWGv+B9AxX3MBorEGBVyQlX9nVrlymFPFzsNxr9UEbWpQo5 rFBST2oBfHpCrdbOL2/DRdIpd4IXCfpk0C35cOoyfZvYg2JDY2fhGvsOvUZDSqED B2RjnqNVpjA= =BPLV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements |
| var-201108-0217 | Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417. Adobe Flash Player and Adobe AIR Any code that could be executed or service disruption ( Memory corruption ) There is a vulnerability that becomes a condition. This vulnerability CVE-2011-2135 , CVE-2011-2140 ,and CVE-2011-2417 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2011:033 Date: Wed, 10 Aug 2011 14:00:00 +0000 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 Vulnerability Type: remote code execution CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) SUSE Default Package: yes Cross-References: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135 CVE-2011-2136, CVE-2011-2137, CVE-2011-2138 CVE-2011-2139, CVE-2011-2140, CVE-2011-2414 CVE-2011-2415, CVE-2011-2416, CVE-2011-2417 CVE-2011-2425 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Flash-Player was updated to version 10.3.188.5 to fix various buffer and integer overflows: - CVE-2011-2130: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2134: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2135: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2136: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2137: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2138: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2139: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2140: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2414: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2415: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2416: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2417: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) - CVE-2011-2425: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Earlier flash-player versions can be exploited to execute arbitrary code remotely with the privileges of the attacked user. For more details see: http://www.adobe.com/support/security/bulletins/apsb11-21.html 2) Solution or Work-Around none 3) Special Instructions and Notes Pleease restart your browser. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=7c71e4aec6afd72e6b40f8cf2817e900 SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=377e091a105e9d540a2a90f09cff0a10 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 RELEASE DATE: 2011-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/45583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 7) An unspecified error can be exploited to disclose certain information from another domain. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor The vendor credits: 2) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences 3) Wushi, Team 509 via iDefense Labs 4, 11) Vitaliy Toropov via iDefense Labs 5) Alexander Zaitsev, Positive Technologies 6, 8) An anonymous person via ZDI 7) Brandon Hardy 9) Bo Qu, Palo Alto Networks 10) Bo Qu, Palo Alto Networks and Honggang Ren, FortiGuard Labs 12) Marc Schoenefeld (Dr. rer. nat.), Red Hat Security Response Team 13) Honggang Ren, FortiGuard Labs ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce |
| var-202010-1327 | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. WebKitGTK is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google). Security vulnerabilities exist in WebKitGTK versions prior to 2.26.4 and WPE WebKit versions prior to 2.26.4. An attacker could exploit this vulnerability to interact with objects in other domains. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. These updated images include numerous security fixes, bug fixes, and enhancements. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2020:5634 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64 The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Security Fix(es): * crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846) * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774) * kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563) * containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749) * heketi: gluster-block volume password details available in logs (CVE-2020-10763) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - `--to` option does not work with `--credentials-requests` flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted` 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - `oc api-resources` does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in `oc explain` 1880787 - No description for Provisioning CRD for `oc explain` 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - `oc explain localvolumediscovery` returns empty description 1887751 - `oc explain localvolumediscoveryresult` returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service` 1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]: `make check` broken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove ' from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 - `oc adm release mirror` panic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translate `this` without context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.*' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 - `Active alerts` section throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describing `ignore-volume-az` is incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Show `kubectl diff ` command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in the `oc rollback -h` help page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port in `from dockerfile` flow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026` 1918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information for `oc new-project --skip-config-write` is wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode` 1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources shows `undefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found 5. References: https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This advisory provides the following updates among others: * Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bugs fixed (https://bugzilla.redhat.com/): 1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror` 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentarion link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-* 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1667409 - CVE-2019-6251 webkitgtk: processing maliciously crafted web content lead to URI spoofing 1709289 - CVE-2019-11070 webkitgtk: HTTP proxy setting deanonymization information disclosure 1719199 - CVE-2019-8506 webkitgtk: malicous web content leads to arbitrary code execution 1719209 - CVE-2019-8524 webkitgtk: malicious web content leads to arbitrary code execution 1719210 - CVE-2019-8535 webkitgtk: malicious crafted web content leads to arbitrary code execution 1719213 - CVE-2019-8536 webkitgtk: malicious crafted web content leads to arbitrary code execution 1719224 - CVE-2019-8544 webkitgtk: malicious crafted web content leads to arbitrary we content 1719231 - CVE-2019-8558 webkitgtk: malicious crafted web content leads to arbitrary code execution 1719235 - CVE-2019-8559 webkitgtk: malicious web content leads to arbitrary code execution 1719237 - CVE-2019-8563 webkitgtk: malicious web content leads to arbitrary code execution 1719238 - CVE-2019-8551 webkitgtk: malicious web content leads to cross site scripting 1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp 1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution 1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1817144 - Rebase WebKitGTK to 2.28 1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content 1876462 - CVE-2020-3885 webkitgtk: Incorrect processing of file URLs 1876463 - CVE-2020-3894 webkitgtk: Race condition allows reading of restricted memory 1876465 - CVE-2020-3895 webkitgtk: Memory corruption triggered by a malicious web content 1876468 - CVE-2020-3897 webkitgtk: Type confusion leading to arbitrary code execution 1876470 - CVE-2020-3899 webkitgtk: Memory consumption issue leading to arbitrary code execution 1876472 - CVE-2020-3900 webkitgtk: Memory corruption triggered by a malicious web content 1876473 - CVE-2020-3901 webkitgtk: Type confusion leading to arbitrary code execution 1876476 - CVE-2020-3902 webkitgtk: Input validation issue leading to cross-site script attack 1876516 - CVE-2020-3862 webkitgtk: Denial of service via incorrect memory handling 1876518 - CVE-2020-3864 webkitgtk: Non-unique security origin for DOM object contexts 1876521 - CVE-2020-3865 webkitgtk: Incorrect security check for a top-level DOM object context 1876522 - CVE-2020-3867 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876523 - CVE-2020-3868 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876536 - CVE-2019-8710 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876537 - CVE-2019-8743 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876540 - CVE-2019-8764 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876542 - CVE-2019-8765 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876543 - CVE-2019-8766 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876545 - CVE-2019-8782 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876548 - CVE-2019-8783 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876549 - CVE-2019-8808 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876550 - CVE-2019-8811 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876552 - CVE-2019-8812 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876553 - CVE-2019-8813 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876554 - CVE-2019-8814 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876555 - CVE-2019-8815 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876556 - CVE-2019-8816 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876590 - CVE-2019-8819 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876591 - CVE-2019-8820 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876592 - CVE-2019-8821 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876593 - CVE-2019-8822 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876594 - CVE-2019-8823 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876607 - CVE-2019-8625 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876608 - CVE-2019-8674 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876609 - CVE-2019-8707 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876610 - CVE-2019-8719 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876611 - CVE-2019-8720 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876612 - CVE-2019-8726 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876613 - CVE-2019-8733 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876614 - CVE-2019-8735 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876615 - CVE-2019-8763 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876616 - CVE-2019-8768 webkitgtk: Browsing history could not be deleted 1876617 - CVE-2019-8769 webkitgtk: Websites could reveal browsing history 1876619 - CVE-2019-8771 webkitgtk: Violation of iframe sandboxing policy 1876626 - CVE-2019-8644 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876628 - CVE-2019-8649 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876629 - CVE-2019-8658 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876630 - CVE-2019-8666 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876631 - CVE-2019-8669 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876632 - CVE-2019-8671 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876634 - CVE-2019-8672 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876643 - CVE-2019-8673 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876644 - CVE-2019-8676 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876645 - CVE-2019-8677 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876646 - CVE-2019-8678 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876647 - CVE-2019-8679 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876648 - CVE-2019-8680 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876650 - CVE-2019-8681 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876651 - CVE-2019-8683 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876652 - CVE-2019-8684 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876653 - CVE-2019-8686 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876655 - CVE-2019-8687 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876656 - CVE-2019-8688 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876657 - CVE-2019-8689 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876664 - CVE-2019-8690 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876880 - CVE-2019-6237 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876881 - CVE-2019-8571 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876882 - CVE-2019-8583 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876883 - CVE-2019-8584 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876884 - CVE-2019-8586 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876887 - CVE-2019-8587 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876891 - CVE-2019-8594 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876892 - CVE-2019-8595 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876893 - CVE-2019-8596 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876894 - CVE-2019-8597 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876895 - CVE-2019-8601 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876897 - CVE-2019-8607 webkitgtk: Out-of-bounds read leading to memory disclosure 1876898 - CVE-2019-8608 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876899 - CVE-2019-8609 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876900 - CVE-2019-8610 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877045 - CVE-2019-8615 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877046 - CVE-2019-8611 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877047 - CVE-2019-8619 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877048 - CVE-2019-8622 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877049 - CVE-2019-8623 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4627-1 security@debian.org https://www.debian.org/security/ Alberto Garcia February 17, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-3862 Srikanth Gatta discovered that a malicious website may be able to cause a denial of service. CVE-2020-3867 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting. For the stable distribution (buster), these problems have been fixed in version 2.26.4-1~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WoACgkQEMKTtsN8 TjbGnQ/7BirfUXyMQ9++MbcuusVvlTEl4ka9pCSb9/+H5YYrNM73gBMdATwVR0ka jSOi2DQZwalJPSEBEy4tg8EmLHVY2qWbJ9gqYjaj6xmz3o2ZPTHlTiEMHdLf2SMp 6EbTo3E8NVHJhSSk+/wthB0ajV2/1it6yUFzPZo50PmbJb4Eh7q9iurO2Hdkd+L9 UXDOFsbYBbaCg7F+08ax1tE73Xa0B61YzJISqWFdLsn3R1a1OoasV1zeK9Gj4AYw sfl8Le5un8zYCKx0sjR6DhZPh998rebOi9RHPiwHQnvRob2gPMFBRGiKiBROGIz3 RAeZ1dMg1vKKV87TpPWpsXHRkXo9wfD+gGULHbriqwdW8YFHGGqB6uZL90IxMDIl EjB9vpVRbDyofkSLg4KOnifYTVntq7nlu62c5s5AooH44TxmLSppcty/fNsKd9Dn r1r8x72OFWRNQT/2dAbcMOYUXXvldNxOriuj4EthPHkL0UDnYbnu2P5rdPMFi4W7 mYIS7qOLPgc6DJ6hfBFIFV84x/jVVorPUdHDH+1yIhHbpGPPGXJlHtkh8eCSOmue zZDmNTRLNwroAkPiGJvPWyfR8VbeX0ok5hWVrjV1zyeIgrFyS6+gGdQt370hbK6g dV+ADko8mhB8cekjVmAW9FT2BZH4Lu/gyoB72LvKGPqC9O93R8k=nQjm -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 15, 2020 Bugs: #699156, #706374, #709612 ID: 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact ====== A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4" References ========== [ 1 ] CVE-2019-8625 https://nvd.nist.gov/vuln/detail/CVE-2019-8625 [ 2 ] CVE-2019-8674 https://nvd.nist.gov/vuln/detail/CVE-2019-8674 [ 3 ] CVE-2019-8707 https://nvd.nist.gov/vuln/detail/CVE-2019-8707 [ 4 ] CVE-2019-8710 https://nvd.nist.gov/vuln/detail/CVE-2019-8710 [ 5 ] CVE-2019-8719 https://nvd.nist.gov/vuln/detail/CVE-2019-8719 [ 6 ] CVE-2019-8720 https://nvd.nist.gov/vuln/detail/CVE-2019-8720 [ 7 ] CVE-2019-8726 https://nvd.nist.gov/vuln/detail/CVE-2019-8726 [ 8 ] CVE-2019-8733 https://nvd.nist.gov/vuln/detail/CVE-2019-8733 [ 9 ] CVE-2019-8735 https://nvd.nist.gov/vuln/detail/CVE-2019-8735 [ 10 ] CVE-2019-8743 https://nvd.nist.gov/vuln/detail/CVE-2019-8743 [ 11 ] CVE-2019-8763 https://nvd.nist.gov/vuln/detail/CVE-2019-8763 [ 12 ] CVE-2019-8764 https://nvd.nist.gov/vuln/detail/CVE-2019-8764 [ 13 ] CVE-2019-8765 https://nvd.nist.gov/vuln/detail/CVE-2019-8765 [ 14 ] CVE-2019-8766 https://nvd.nist.gov/vuln/detail/CVE-2019-8766 [ 15 ] CVE-2019-8768 https://nvd.nist.gov/vuln/detail/CVE-2019-8768 [ 16 ] CVE-2019-8769 https://nvd.nist.gov/vuln/detail/CVE-2019-8769 [ 17 ] CVE-2019-8771 https://nvd.nist.gov/vuln/detail/CVE-2019-8771 [ 18 ] CVE-2019-8782 https://nvd.nist.gov/vuln/detail/CVE-2019-8782 [ 19 ] CVE-2019-8783 https://nvd.nist.gov/vuln/detail/CVE-2019-8783 [ 20 ] CVE-2019-8808 https://nvd.nist.gov/vuln/detail/CVE-2019-8808 [ 21 ] CVE-2019-8811 https://nvd.nist.gov/vuln/detail/CVE-2019-8811 [ 22 ] CVE-2019-8812 https://nvd.nist.gov/vuln/detail/CVE-2019-8812 [ 23 ] CVE-2019-8813 https://nvd.nist.gov/vuln/detail/CVE-2019-8813 [ 24 ] CVE-2019-8814 https://nvd.nist.gov/vuln/detail/CVE-2019-8814 [ 25 ] CVE-2019-8815 https://nvd.nist.gov/vuln/detail/CVE-2019-8815 [ 26 ] CVE-2019-8816 https://nvd.nist.gov/vuln/detail/CVE-2019-8816 [ 27 ] CVE-2019-8819 https://nvd.nist.gov/vuln/detail/CVE-2019-8819 [ 28 ] CVE-2019-8820 https://nvd.nist.gov/vuln/detail/CVE-2019-8820 [ 29 ] CVE-2019-8821 https://nvd.nist.gov/vuln/detail/CVE-2019-8821 [ 30 ] CVE-2019-8822 https://nvd.nist.gov/vuln/detail/CVE-2019-8822 [ 31 ] CVE-2019-8823 https://nvd.nist.gov/vuln/detail/CVE-2019-8823 [ 32 ] CVE-2019-8835 https://nvd.nist.gov/vuln/detail/CVE-2019-8835 [ 33 ] CVE-2019-8844 https://nvd.nist.gov/vuln/detail/CVE-2019-8844 [ 34 ] CVE-2019-8846 https://nvd.nist.gov/vuln/detail/CVE-2019-8846 [ 35 ] CVE-2020-3862 https://nvd.nist.gov/vuln/detail/CVE-2020-3862 [ 36 ] CVE-2020-3864 https://nvd.nist.gov/vuln/detail/CVE-2020-3864 [ 37 ] CVE-2020-3865 https://nvd.nist.gov/vuln/detail/CVE-2020-3865 [ 38 ] CVE-2020-3867 https://nvd.nist.gov/vuln/detail/CVE-2020-3867 [ 39 ] CVE-2020-3868 https://nvd.nist.gov/vuln/detail/CVE-2020-3868 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 |
| var-201912-0617 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution. WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to obtain sensitive information or execute arbitrary code in the context of the affected system. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Safari prior to 12.1.1. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902). Installation note: Safari 12.1.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003 ------------------------------------------------------------------------ Date reported : May 20, 2019 Advisory ID : WSA-2019-0003 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0003.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0003.html CVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623. CVE-2019-6237 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team. CVE-2019-8571 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to 01 working with Trend Micro's Zero Day Initiative. CVE-2019-8583 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech. CVE-2019-8584 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative. CVE-2019-8586 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to an anonymous researcher. CVE-2019-8587 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8594 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab. CVE-2019-8595 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative. CVE-2019-8596 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech. CVE-2019-8597 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to 01 working with Trend Micro Zero Day Initiative. CVE-2019-8601 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative. CVE-2019-8607 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Junho Jang and Hanul Choi of LINE Security Team. CVE-2019-8608 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8609 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Wen Xu of SSLab, Georgia Tech. CVE-2019-8610 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Anonymous working with Trend Micro Zero Day Initiative. CVE-2019-8615 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative. CVE-2019-8611 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8619 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab. CVE-2019-8622 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8623 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, May 20, 2019 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE----- |
| var-201202-0075 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. The vulnerability can be exploited over multiple protocols. This issue affects the 'CORBA' sub-component. This vulnerability affects the following supported versions: 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35. Release Date: 2012-03-26 Last Updated: 2012-04-02 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.14 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.14.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 27 March 2012 Initial release Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. CVE-2011-3377 The Iced Tea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. CVE-2011-5035 The OpenJDK embedded web server did not guard against an excessive number of a request parameters, leading to a denial of service vulnerability involving hash collisions. CVE-2012-0501 The ZIP central directory parser used by java.util.zip.ZipFile entered an infinite recursion in native code when processing a crafted ZIP file, leading to a denial of service. CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b24-1.11.1-1. 6) - x86_64 3. Fix in AtomicReferenceArray (CVE-2011-3571). Multiple unspecified vulnerabilities allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500). Better input parameter checking in zip file processing (CVE-2012-0501). Issues with some KeyboardFocusManager method (CVE-2012-0502). Issues with TimeZone class (CVE-2012-0503). Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505). The verification of md5 checksums and GPG signatures is performed automatically for you. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact ====== An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:0322-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0322.html Issue date: 2012-02-21 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. (CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0497.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPRBvTXlSAg2UNWIIRArkfAJ9B74k5cUjTIZGepTvbu+3kEcMpIgCgo2FR eIi8N5jfo4lIBLPu4EKFpVo= =ChsF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce |
| var-201912-0621 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the BreakingContext object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. WebKit is prone to a information-disclosure and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A buffer error vulnerability exists in the WebKit component of several Apple products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Safari prior to 12.1.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201909-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: September 06, 2019 Bugs: #683234, #686216, #693122 ID: 201909-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.24.4 >= 2.24.4 Description =========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4" References ========== [ 1 ] CVE-2019-11070 https://nvd.nist.gov/vuln/detail/CVE-2019-11070 [ 2 ] CVE-2019-6201 https://nvd.nist.gov/vuln/detail/CVE-2019-6201 [ 3 ] CVE-2019-6251 https://nvd.nist.gov/vuln/detail/CVE-2019-6251 [ 4 ] CVE-2019-7285 https://nvd.nist.gov/vuln/detail/CVE-2019-7285 [ 5 ] CVE-2019-7292 https://nvd.nist.gov/vuln/detail/CVE-2019-7292 [ 6 ] CVE-2019-8503 https://nvd.nist.gov/vuln/detail/CVE-2019-8503 [ 7 ] CVE-2019-8506 https://nvd.nist.gov/vuln/detail/CVE-2019-8506 [ 8 ] CVE-2019-8515 https://nvd.nist.gov/vuln/detail/CVE-2019-8515 [ 9 ] CVE-2019-8518 https://nvd.nist.gov/vuln/detail/CVE-2019-8518 [ 10 ] CVE-2019-8523 https://nvd.nist.gov/vuln/detail/CVE-2019-8523 [ 11 ] CVE-2019-8524 https://nvd.nist.gov/vuln/detail/CVE-2019-8524 [ 12 ] CVE-2019-8535 https://nvd.nist.gov/vuln/detail/CVE-2019-8535 [ 13 ] CVE-2019-8536 https://nvd.nist.gov/vuln/detail/CVE-2019-8536 [ 14 ] CVE-2019-8544 https://nvd.nist.gov/vuln/detail/CVE-2019-8544 [ 15 ] CVE-2019-8551 https://nvd.nist.gov/vuln/detail/CVE-2019-8551 [ 16 ] CVE-2019-8558 https://nvd.nist.gov/vuln/detail/CVE-2019-8558 [ 17 ] CVE-2019-8559 https://nvd.nist.gov/vuln/detail/CVE-2019-8559 [ 18 ] CVE-2019-8563 https://nvd.nist.gov/vuln/detail/CVE-2019-8563 [ 19 ] CVE-2019-8595 https://nvd.nist.gov/vuln/detail/CVE-2019-8595 [ 20 ] CVE-2019-8607 https://nvd.nist.gov/vuln/detail/CVE-2019-8607 [ 21 ] CVE-2019-8615 https://nvd.nist.gov/vuln/detail/CVE-2019-8615 [ 22 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 23 ] CVE-2019-8644 https://nvd.nist.gov/vuln/detail/CVE-2019-8644 [ 24 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 25 ] CVE-2019-8649 https://nvd.nist.gov/vuln/detail/CVE-2019-8649 [ 26 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 27 ] CVE-2019-8658 https://nvd.nist.gov/vuln/detail/CVE-2019-8658 [ 28 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 29 ] CVE-2019-8666 https://nvd.nist.gov/vuln/detail/CVE-2019-8666 [ 30 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 31 ] CVE-2019-8669 https://nvd.nist.gov/vuln/detail/CVE-2019-8669 [ 32 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 33 ] CVE-2019-8671 https://nvd.nist.gov/vuln/detail/CVE-2019-8671 [ 34 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 35 ] CVE-2019-8672 https://nvd.nist.gov/vuln/detail/CVE-2019-8672 [ 36 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 37 ] CVE-2019-8673 https://nvd.nist.gov/vuln/detail/CVE-2019-8673 [ 38 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 39 ] CVE-2019-8676 https://nvd.nist.gov/vuln/detail/CVE-2019-8676 [ 40 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 41 ] CVE-2019-8677 https://nvd.nist.gov/vuln/detail/CVE-2019-8677 [ 42 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 43 ] CVE-2019-8678 https://nvd.nist.gov/vuln/detail/CVE-2019-8678 [ 44 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 45 ] CVE-2019-8679 https://nvd.nist.gov/vuln/detail/CVE-2019-8679 [ 46 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 47 ] CVE-2019-8680 https://nvd.nist.gov/vuln/detail/CVE-2019-8680 [ 48 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 49 ] CVE-2019-8681 https://nvd.nist.gov/vuln/detail/CVE-2019-8681 [ 50 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 51 ] CVE-2019-8683 https://nvd.nist.gov/vuln/detail/CVE-2019-8683 [ 52 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 53 ] CVE-2019-8684 https://nvd.nist.gov/vuln/detail/CVE-2019-8684 [ 54 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 55 ] CVE-2019-8686 https://nvd.nist.gov/vuln/detail/CVE-2019-8686 [ 56 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 57 ] CVE-2019-8687 https://nvd.nist.gov/vuln/detail/CVE-2019-8687 [ 58 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 59 ] CVE-2019-8688 https://nvd.nist.gov/vuln/detail/CVE-2019-8688 [ 60 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 61 ] CVE-2019-8689 https://nvd.nist.gov/vuln/detail/CVE-2019-8689 [ 62 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 63 ] CVE-2019-8690 https://nvd.nist.gov/vuln/detail/CVE-2019-8690 [ 64 ] WSA-2019-0002 https://webkitgtk.org/security/WSA-2019-0002.html [ 65 ] WSA-2019-0004 https://webkitgtk.org/security/WSA-2019-0004.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201909-05 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Installation note: Safari 12.1.1 may be obtained from the Mac App Store. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-28-2 iCloud for Windows 7.12 iCloud for Windows 7.12 is now available and addresses the following: SQLite Available for: Windows 7 and later Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-6237: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Installation note: iCloud for Windows 7.12 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlztSiMpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GVuhAA tweBnWjA8emUMYG5D2vwjBIW9NPmT2hwrc99HrHd7kEE0R9XS2ZQz1qZcpevzjUv X/fNQqpfdQZ58Jtrd5MTlG4xDBEgfyAZuPP15HPAAo81+0dolTmPO3jKcPbwxkrn Gcg8kvOhBVElk9uTn3nCN2EVlkwqNgGclRZALVxMWdix/KyvrTfyF600zX7pU+9T zz1cLcNTN2EjXxDQ3NzUkJ7o0U8XDwDkfxeKR05qKy3W6w2QIN4a03v0HE8q1jpJ 7kkTDGsRKDrsus0i7HX5FZWbl3fmt2Jynaenor4bXh9VYiFkifWZHR1E8Za24XsE o0rlk0m8OkdMxmHzcTM7jmRCxSg6IBDowgxriLY4rKQKgsUpPz7ZUc7/VZJwBnwP H5Pdwpd3yVZcxhmrguB2chx/c6Cebf+wLIP0wS+uqYdTmbGU/3gRIOuT0XYVJ1Rd Vp1K8ifQw7hb8VXqH/R42QGjfHtPl0lwLc/e8J29oDWQdAIt3IFWLDIrQez8s1ah /Bq12Mm56JFxfWdkJ7hXsxUss9dTM+eqARsm1g1HbWB/1LLcxIsFwUMK53Az8OuN xt1wr24zmE3yXsVzxJOPjeDK7/akz1R1GZYogR/Ynz3O1Puxno0qUrPzDJ2Hq1Vp hNRdKPmbN2ljIgtYEPc9dj5GHk0XOZbKcKCB6xrjxuY= =NGSy -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0003 ------------------------------------------------------------------------ Date reported : May 20, 2019 Advisory ID : WSA-2019-0003 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0003.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0003.html CVE identifiers : CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623. CVE-2019-6237 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team. CVE-2019-8571 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to 01 working with Trend Micro's Zero Day Initiative. CVE-2019-8583 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech. CVE-2019-8584 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative. CVE-2019-8586 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to an anonymous researcher. CVE-2019-8587 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8594 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab. CVE-2019-8595 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative. CVE-2019-8596 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech. CVE-2019-8597 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to 01 working with Trend Micro Zero Day Initiative. CVE-2019-8601 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Fluoroacetate working with Trend Micro's Zero Day Initiative. CVE-2019-8607 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Junho Jang and Hanul Choi of LINE Security Team. An out-of-bounds read was addressed with improved input validation. CVE-2019-8608 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8609 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Wen Xu of SSLab, Georgia Tech. CVE-2019-8610 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Anonymous working with Trend Micro Zero Day Initiative. CVE-2019-8615 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative. CVE-2019-8611 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8619 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab. CVE-2019-8622 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. CVE-2019-8623 Versions affected: WebKitGTK and WPE WebKit before 2.24.0. Credit to Samuel Gro\xdf of Google Project Zero. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, May 20, 2019 |
| var-201110-0444 | Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 " References ========== [ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1261-1 November 14, 2011 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1 Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1 Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2 Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3 In general, a standard system update will make all the necessary changes. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for quagga SECUNIA ADVISORY ID: SA46214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for quagga. ORIGINAL ADVISORY: SUSE-SU-2011:1075-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html openSUSE-SU-2011:1155-1: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6. For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: quagga security update Advisory ID: RHSA-2012:1259-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html Issue date: 2012-09-12 CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 ===================================================================== 1. Summary: Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA 738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers 738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type 738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type 738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes 802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message 802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet 802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures 817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587) 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3323.html https://www.redhat.com/security/data/cve/CVE-2011-3324.html https://www.redhat.com/security/data/cve/CVE-2011-3325.html https://www.redhat.com/security/data/cve/CVE-2011-3326.html https://www.redhat.com/security/data/cve/CVE-2011-3327.html https://www.redhat.com/security/data/cve/CVE-2012-0249.html https://www.redhat.com/security/data/cve/CVE-2012-0250.html https://www.redhat.com/security/data/cve/CVE-2012-0255.html https://www.redhat.com/security/data/cve/CVE-2012-1820.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g P4VSjxs4xRnVCtT/IOkBkKQ= =VtuC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce |
| var-200906-0593 | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. Linux kernel of r8169 The driver MTU Service operation disruption due to incomplete processing of Ethernet frames exceeding (DoS) There is a vulnerability that becomes a condition.Service operation disruption to a third party (DoS) There is a possibility of being put into a state. The Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to deny service to legitimate users; other attacks are also possible. The following are vulnerable: Linux kernel prior to 2.6.12 Linux Kernel 2.6.30 and later. The NFSv4 implementation is one of the distributed file system protocols. The vulnerability is related to the wrong behavior of the value of the status register and the RxMaxSize register. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0009 Synopsis: ESXi ntp and ESX Service Console third party updates Issue date: 2010-05-27 Updated on: 2010-05-27 (initial release of advisory) CVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2007-4567 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2006-6304 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 CVE-2009-3563 CVE-2009-4355 CVE-2009-2409 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-4212 CVE-2009-1384 CVE-2010-0097 CVE-2010-0290 CVE-2009-3736 CVE-2010-0001 CVE-2010-0426 CVE-2010-0427 CVE-2010-0382 - ------------------------------------------------------------------------ 1. Summary ESXi update for ntp and ESX Console OS (COS) updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo. 2. Relevant releases VMware ESX 4.0.0 without patches ESX400-201005401-SG, ESX400-201005406-SG, ESX400-201005408-SG, ESX400-201005407-SG, ESX400-201005405-SG, ESX400-201005409-SG 3. Problem Description a. Service Console update for COS kernel Updated COS package "kernel" addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005401-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 4.0 ESXi ESXi400-201005401-SG ESXi 3.5 ESXi affected, patch pending ESX any ESX not applicable vMA any RHEL5 not applicable * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005401-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending** * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** see VMSA-2010-0004 d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005406-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005408-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX ESX400-201005407-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005405-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005409-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- http://bit.ly/aqTCqn md5sum: ace37cd8d7c6388edcea2798ba8be939 sha1sum: 8fe7312fe74a435e824d879d4f1ff33df25cee78 http://kb.vmware.com/kb/1013127 Note ESX400-201005001 contains the following security bulletins ESX400-201005404-SG (ntp), ESX400-201005405-SG (gzip), ESX400-201005408-SG (bind), ESX400-201005401-SG (kernel, openssl), ESX400-201005406-SG (krb5, pam_krb5), ESX400-201005402-SG (JRE), ESX400-201005403-SG (expat), ESX400-201005409-SG (sudo), ESX400-201005407-SG (gcc). 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4536 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3889 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382 - ------------------------------------------------------------------------ 6. Change log 2010-05-27 VMSA-2010-0009 Initial security advisory after release of patch 06 bulletins for ESX 4.0 on 2010-05-27 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkv/V8IACgkQS2KysvBH1xnqNgCcCwwelsQK6DQjcTc2wnIPp0EW E70An2gfkiCQ5FNqvf3y+kNredxyVZwI =JW3s -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-947-1 June 03, 2010 linux, linux-source-2.6.15 vulnerabilities CVE-2009-4271, CVE-2009-4537, CVE-2010-0008, CVE-2010-0298, CVE-2010-0306, CVE-2010-0419, CVE-2010-0437, CVE-2010-0727, CVE-2010-0741, CVE-2010-1083, CVE-2010-1084, CVE-2010-1085, CVE-2010-1086, CVE-2010-1087, CVE-2010-1088, CVE-2010-1146, CVE-2010-1148, CVE-2010-1162, CVE-2010-1187, CVE-2010-1188, CVE-2010-1488 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-55-386 2.6.15-55.84 linux-image-2.6.15-55-686 2.6.15-55.84 linux-image-2.6.15-55-amd64-generic 2.6.15-55.84 linux-image-2.6.15-55-amd64-k8 2.6.15-55.84 linux-image-2.6.15-55-amd64-server 2.6.15-55.84 linux-image-2.6.15-55-amd64-xeon 2.6.15-55.84 linux-image-2.6.15-55-hppa32 2.6.15-55.84 linux-image-2.6.15-55-hppa32-smp 2.6.15-55.84 linux-image-2.6.15-55-hppa64 2.6.15-55.84 linux-image-2.6.15-55-hppa64-smp 2.6.15-55.84 linux-image-2.6.15-55-itanium 2.6.15-55.84 linux-image-2.6.15-55-itanium-smp 2.6.15-55.84 linux-image-2.6.15-55-k7 2.6.15-55.84 linux-image-2.6.15-55-mckinley 2.6.15-55.84 linux-image-2.6.15-55-mckinley-smp 2.6.15-55.84 linux-image-2.6.15-55-powerpc 2.6.15-55.84 linux-image-2.6.15-55-powerpc-smp 2.6.15-55.84 linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.84 linux-image-2.6.15-55-server 2.6.15-55.84 linux-image-2.6.15-55-server-bigiron 2.6.15-55.84 linux-image-2.6.15-55-sparc64 2.6.15-55.84 linux-image-2.6.15-55-sparc64-smp 2.6.15-55.84 Ubuntu 8.04 LTS: linux-image-2.6.24-28-386 2.6.24-28.70 linux-image-2.6.24-28-generic 2.6.24-28.70 linux-image-2.6.24-28-hppa32 2.6.24-28.70 linux-image-2.6.24-28-hppa64 2.6.24-28.70 linux-image-2.6.24-28-itanium 2.6.24-28.70 linux-image-2.6.24-28-lpia 2.6.24-28.70 linux-image-2.6.24-28-lpiacompat 2.6.24-28.70 linux-image-2.6.24-28-mckinley 2.6.24-28.70 linux-image-2.6.24-28-openvz 2.6.24-28.70 linux-image-2.6.24-28-powerpc 2.6.24-28.70 linux-image-2.6.24-28-powerpc-smp 2.6.24-28.70 linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.70 linux-image-2.6.24-28-rt 2.6.24-28.70 linux-image-2.6.24-28-server 2.6.24-28.70 linux-image-2.6.24-28-sparc64 2.6.24-28.70 linux-image-2.6.24-28-sparc64-smp 2.6.24-28.70 linux-image-2.6.24-28-virtual 2.6.24-28.70 linux-image-2.6.24-28-xen 2.6.24-28.70 Ubuntu 9.04: linux-image-2.6.28-19-generic 2.6.28-19.61 linux-image-2.6.28-19-imx51 2.6.28-19.61 linux-image-2.6.28-19-iop32x 2.6.28-19.61 linux-image-2.6.28-19-ixp4xx 2.6.28-19.61 linux-image-2.6.28-19-lpia 2.6.28-19.61 linux-image-2.6.28-19-server 2.6.28-19.61 linux-image-2.6.28-19-versatile 2.6.28-19.61 linux-image-2.6.28-19-virtual 2.6.28-19.61 Ubuntu 9.10: linux-image-2.6.31-112-imx51 2.6.31-112.28 linux-image-2.6.31-214-dove 2.6.31-214.28 linux-image-2.6.31-214-dove-z0 2.6.31-214.28 linux-image-2.6.31-22-386 2.6.31-22.60 linux-image-2.6.31-22-generic 2.6.31-22.60 linux-image-2.6.31-22-generic-pae 2.6.31-22.60 linux-image-2.6.31-22-ia64 2.6.31-22.60 linux-image-2.6.31-22-lpia 2.6.31-22.60 linux-image-2.6.31-22-powerpc 2.6.31-22.60 linux-image-2.6.31-22-powerpc-smp 2.6.31-22.60 linux-image-2.6.31-22-powerpc64-smp 2.6.31-22.60 linux-image-2.6.31-22-server 2.6.31-22.60 linux-image-2.6.31-22-sparc64 2.6.31-22.60 linux-image-2.6.31-22-sparc64-smp 2.6.31-22.60 linux-image-2.6.31-22-virtual 2.6.31-22.60 linux-image-2.6.31-307-ec2 2.6.31-307.15 Ubuntu 10.04 LTS: linux-image-2.6.31-608-imx51 2.6.31-608.14 linux-image-2.6.31-802-st1-5 2.6.31-802.4 linux-image-2.6.32-205-dove 2.6.32-205.18 linux-image-2.6.32-22-386 2.6.32-22.35 linux-image-2.6.32-22-386-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-generic 2.6.32-22.35 linux-image-2.6.32-22-generic-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-generic-pae 2.6.32-22.35 linux-image-2.6.32-22-generic-pae-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-ia64 2.6.32-22.35 linux-image-2.6.32-22-ia64-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-lpia 2.6.32-22.35 linux-image-2.6.32-22-lpia-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-powerpc 2.6.32-22.35 linux-image-2.6.32-22-powerpc-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-powerpc-smp 2.6.32-22.35 linux-image-2.6.32-22-powerpc-smp-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-powerpc64-smp 2.6.32-22.35 linux-image-2.6.32-22-powerpc64-smp-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-preempt 2.6.32-22.35 linux-image-2.6.32-22-preempt-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-server 2.6.32-22.35 linux-image-2.6.32-22-server-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-sparc64 2.6.32-22.35 linux-image-2.6.32-22-sparc64-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-sparc64-smp 2.6.32-22.35 linux-image-2.6.32-22-sparc64-smp-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-versatile 2.6.32-22.35 linux-image-2.6.32-22-versatile-dbgsym 2.6.32-22.35 linux-image-2.6.32-22-virtual 2.6.32-22.35 linux-image-2.6.32-306-ec2 2.6.32-306.11 linux-image-2.6.33-501-omap 2.6.33-501.7 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. Details follow: It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271) It was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537) Wei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008) It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419) Evgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437) Sachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service. (CVE-2010-0727) Jamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741) Marcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation. (CVE-2010-1083) Neil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084) Jody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. (CVE-2010-1085) Ang Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086) Trond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1087) Al Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088) Matt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. (CVE-2010-1146) Eugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148) Catalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. (CVE-2010-1162) Neil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187) Masayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188) Oleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. (CVE-2010-1488) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-55.84.diff.gz Size/MD5: 2960435 33b09ecaf8a52ac8518c34163d53c5ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-55.84.dsc Size/MD5: 2439 ddd8f898074d4b56e18fa00cecaed4d9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15.orig.tar.gz Size/MD5: 57403387 88ab0747cb8c2ceed662e0fd1b27d81d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-doc-2.6.15_2.6.15-55.84_all.deb Size/MD5: 5166142 6bb2a7cc886f5f258e598f8257386c4c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-kernel-devel_2.6.15-55.84_all.deb Size/MD5: 96900 4d56e3ffc13abbd559252d961582928e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-55.84_all.deb Size/MD5: 44742758 a29467cb2571e45b5ba4cc52f49d402e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 22344 22df0e2142b58bfc5089997ba68f8a32 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 44772 e38fce9b303eb280f9de5b6bf4321539 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 2312 519dde14b25bcb6f72b50b10fb2b8c42 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 36298 529530b75bc9d308a36945e253829337 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 102370 db98ff5f9e6e356af90422da4190fcba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 38890 0d2cb99466cf014ba83ad3a38cd759f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 49144 7e51d739d81751a717fd33393d9b5698 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 176620 61c26ebee2f9b56ab2ae781caaa78f16 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 36774 32797f4fc4204eeb5185a17019dc5cd2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 142346 50314cb83693e27a2f515836bfb81adf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 51062 c7f26b13e057743d95d90c6ed1feb7be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 140712 60824c117e8e10faa8502405dc64b756 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 287612 e599c71e4f9f791bfcbb5a8e148fa02d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 97832 923d2dbedfa2bb0ce20db2af510ec3ae http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 1652310 a49bd3692b26b2776eddd3218049ad31 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-generic_2.6.15-55.84_amd64.deb Size/MD5: 869218 c54b14fff14e6f36a6f5424bf28ba5ba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-k8_2.6.15-55.84_amd64.deb Size/MD5: 868510 e7741f1995f864eea030c242abac8085 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-server_2.6.15-55.84_amd64.deb Size/MD5: 871276 ad7e3f9695e48c13d78024d9cebb4bdc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-xeon_2.6.15-55.84_amd64.deb Size/MD5: 870704 c3dd9b5335fa41ab82df7f691cee2a46 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.84_amd64.deb Size/MD5: 6925588 e85a966dd3fd31a092a504e4c4383820 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-generic_2.6.15-55.84_amd64.deb Size/MD5: 20817472 f8e7d44b2a3bd9dc72917fd16c2628ff http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-k8_2.6.15-55.84_amd64.deb Size/MD5: 20798306 fe88a926a6ce4b4465ad88a493a48357 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-server_2.6.15-55.84_amd64.deb Size/MD5: 21635330 8174ddfff1140d94b76678739c9f15c2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-xeon_2.6.15-55.84_amd64.deb Size/MD5: 19905746 58501fc8aca4794202804578b4e29415 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 15626 94656d1862678ee9b6a3a62f90919629 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 240372 faf0cd25cfd49759685f8a9b725e305d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 202684 fec1b04e98e48c0e354e9a47cb00d601 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 1048610 a5ff74bb5b40c0b6929d535abade30be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 1543792 217e245037c3d6c48687b594c932025b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 161696 969b188d1e7f285fc30f39e17ebd349b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 9834 c6278cf04b4dbb788d0eebaf599c005e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 80872 2fb47b12ddf5767a51bdc1d4e1f05e52 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 49294 f27115bb56ba683c95c915de40a46afc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 35162 4e92b8742d5ad65bf0d915d9c216c4ce http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 70894 c7525221ee4847b254c1839cdd4d0b31 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 6220 8d1ee1256a6d3942c10dd7731bd34d21 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 9062 f120989e7b729addea0a373b6c6b81a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 57922 16f0dd4d6e989ec1684074667b9c1133 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 123378 b2797adf33289dd9c99525971a8d001b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 101080 0b923143d4fb260149446550b64529d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 79278 950ccff4d598e5f9c62d4ffcea1b4b66 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 1595422 5d2e9b2d898d39363c3cab3c67391c0f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 72356 2fdf60644e4d13a5c9732d48e3b6b025 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 12648 7a5b7c88d879c5f8611add807b77dff5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 33808 f48b8b878206b3f559826c9177935c7e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 138510 27d844c2fc790a35b13b9b68c0748ec0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 38938 c50f0d87787aacbb068bd4bfac99a953 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.84_amd64.udeb Size/MD5: 278876 09d4db859ee11c8c17a5c755a38e103c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 18976 1d3b491a97a3cafd02b9492bbf7f320c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 43488 3592e8676adb913653d31fd7d9254ab6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 105206 87f8b212932688293624f3c1e59c315e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 2286 a8cbb01c110d4788b8464a3ff357a6d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 34576 0d581950d36489a0ebc2e7aa43871105 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 97044 3e789df7024c53456caf5ce65a095c3c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 37132 fb21ce86da4297933bdd3acaeb02568a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 44126 a0e10d7f107c376bd0376cbeb7589d12 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 167738 d6417b63d8c5511f21bc7857b1e6ef23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 33950 d833056cd1d32851c93cc61d3780b258 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 137978 3c251b1f57940da0f22e496ab4d9f6d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 46902 a916219f56dc797576f7cdf42535fe44 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 133154 fdfe5b2d21ec36137e19d638cec2a39d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 273800 05e8313fec49c11084adb52deb26878d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 102328 ce88505cda9ff607c7bb685c60a4fb75 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 1597794 7a8768bb650b30137362b93c9aa2e4f5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-386_2.6.15-55.84_i386.deb Size/MD5: 857150 2de1fda09c98f8c7c0f5bb5adaf4dade http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-686_2.6.15-55.84_i386.deb Size/MD5: 858572 83f459c63da9ce886855913a4012edf2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-k7_2.6.15-55.84_i386.deb Size/MD5: 859816 5fb638b3b741914410eb7fb331dc352e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-server-bigiron_2.6.15-55.84_i386.deb Size/MD5: 861156 732a23b93ee499deda765ee8dcd66346 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-server_2.6.15-55.84_i386.deb Size/MD5: 860324 57519a85aad5ad19b617c4676f28d7f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.84_i386.deb Size/MD5: 6918250 084d1cf58595b1cbadcbd7f16dc39756 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-386_2.6.15-55.84_i386.deb Size/MD5: 21724888 f5fca5f423472946432ed46a990c1ddf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-686_2.6.15-55.84_i386.deb Size/MD5: 22517998 6ef9d114c0f9989e9e5a0a6d4af64cd8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-k7_2.6.15-55.84_i386.deb Size/MD5: 22265884 1ee20e38ac15055088248b99fe684e43 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-server-bigiron_2.6.15-55.84_i386.deb Size/MD5: 23627106 b63abff51aa83dc377d5eb9235972302 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-server_2.6.15-55.84_i386.deb Size/MD5: 23179652 98de15fe41e4afa4100f6105b8003f8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 15510 9190bfcba4e54f10b48d3419f7c3d368 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 238512 1ab04364f536a96b5c2a127765f496da http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 197142 3f27653e150b8dba0ee8b187d8826f5e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 1048396 03a161c4b52eb41c6d401133cd32557b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 1741516 b42acfc4c67ddc9f0ee62bca1b54974e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 160898 fb7d22beea89de5012d2216d0eda3a6a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 9166 38112f1195a5bb82137e1896994656fc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 76470 c9b373c18450b29f9de3b1679249d31e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 53548 6b3491987d4f627c910d1823727dac53 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 33052 ddfeb1282d026c9b32978a5e04f1d3bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 85628 cf78a570b17bd819e61dc92f8a12355b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 6016 3e488082205ca42452081010da71004a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 8760 350a58a2f466e3f592b2c7bd2e8988bf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 53636 3684ebb027993d843a17bf4c72b02b65 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 130960 de27399a7d9abfb5f51abaeecc76ae6c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 98472 5a5a0a34b4f405bcf0936087cf616586 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 77214 fb39917bbdb208d34fe6a74f0e83d53a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 1768884 6cb328e8edc6b0a0fd27f2a90042c30a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 69614 2d2f95e1dba3de3dd1d963fb1f953e00 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 11766 26e704eca4b49d3428687a2529990418 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 36106 522f5775e1a85646cc4d646f6eec6cc4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 132660 97ac208287c24264bc384b1e1f253ab7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 38574 d825ca1fbb12c5a8cd2d15b094726011 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-386-di_2.6.15-55.84_i386.udeb Size/MD5: 299152 345d6c44429a0a6af9d23179fb78ec8d powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 23728 02cb39b583ee98c8d1a57ce3e5b163c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 26006 87d2de748a7344d11fb11f8264571dd6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 49334 0847429f9dedb0f286d1c32cb3e8f467 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 51536 9ec5c9b175a6728442ddf73aa218592f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 2306 b23053a32da0479242caeff6e2ae8b6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 2482 05329a184127afb2a7e48d427feafbf2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 40308 cd883cbcca861116d2518f57f47dc941 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 43844 a1c3942c443e444816749c64439275e8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 112600 098304fe251f9d8c49849946d8ac2aeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 120740 df40f802ec2ee163a813ea0a3603aeb6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 40906 6cc3a287b3274036e57638d951480d97 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 46002 f8964625617902880cc24e8e22e03ba9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 29026 8607a334399fbe27ee424e5bc0a20103 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 29894 9e6fe015d74dd83cccedcfd8f396fbd8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 211398 ad7cb3fdf5693590d0f7056e8b9acc6b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 225188 6a00a7254a9a82981f23823145ca5a26 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 45056 c00c74d1ffa33fb6575e59067c90cfa0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 40224 ca94464b9c6eca3e9c8eeec160125e88 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 1940 70846ff3e24ac904d034f07126d64a9d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 2200 fa5bc162b62817d3c9f5c055d88d6016 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 80762 dead1604f5dff825e55e5299d06488dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 86134 50f5270dc53e13c36aa423d3fb6b0af1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 111594 64c98d595b636e46123746b50eb18cd8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 125750 cad66f8b2febf24ba43c5a7db6a22312 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 53424 c668f84292a263caef7ce813b769822e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 58488 8903219e8e58a8d79564945284f00e34 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 147966 1566e7aa02add4341766fd937fc907ca http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 161910 164c7d5ef77d1693a631ce60fcc4ef8d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 318400 a6441e2cd0b1b9ecb1601516f89ff6ee http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 288040 bd11c9922fea1638ce64b776f060f81f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 115862 9eb166a9f0fb53dfd89d657cc835d10f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 116550 41e72d8893ca5a8351df20b6c7c5d2bf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 1925168 1ad660874ee5005becbc5841bf0e9b99 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 2449218 45d3b3e3f88b9e764c3243c2858d3730 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-powerpc-smp_2.6.15-55.84_powerpc.deb Size/MD5: 867470 f6031f3c87c28ee40eefa25086b71c52 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-powerpc64-smp_2.6.15-55.84_powerpc.deb Size/MD5: 868848 cd0781159d8768b9c92bae2d844d7b6a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-powerpc_2.6.15-55.84_powerpc.deb Size/MD5: 870010 f3f837cb5cd7e1fe97182ddbb7eb1a56 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.84_powerpc.deb Size/MD5: 6946990 d65d0ad6fdc2493e7e6c1a9d567424f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-powerpc-smp_2.6.15-55.84_powerpc.deb Size/MD5: 22784626 aef1ff7ccf13cd2e2d41c80f22264eeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-powerpc64-smp_2.6.15-55.84_powerpc.deb Size/MD5: 23693200 0443d7e8b68c5f89aaf7e02e666077f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-powerpc_2.6.15-55.84_powerpc.deb Size/MD5: 22365476 97b5182024c5fe55fe1d45b23a39a277 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 17786 39dca7a61069a0e3c0877662e3fbb571 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 17392 b0b9f69f913131d17af3ab6d4bd6e8b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 261374 b0b06da41991553a487982e73fe34176 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 282628 81e78bd764bb0fc65be704f3f0be4db6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 227826 39456da28b0f6baa3b74b842eba6acf0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 248944 94f3cc4cabe7f4344ea0c6ca8d6487d9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 1048472 a6d7ef42bf3b8de677ec5fe562228e7c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 1048600 5e01699eaac6cd159a04c724e442e321 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 1738662 d43bf20af0979b29ad1c6df616862056 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 1878206 711e748077e06773658c64416bfa83be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 250824 9d2ad9e9b79a628140775760c6fb2493 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 233538 0730a8fbc4148651919c3a74c3e1face http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 13058 11382e6f8ed79855a01a6151733d4549 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 13532 ad6adbe2c5040390d563fb6221a7a346 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 84800 0159144d3b6d69b9e319731669dea56e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 52202 9ddf5200aca5383eae56f5b7ab414c3d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 73934 43991eb97d8f163e7763dc89cef5b1aa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 85852 20dd6d2d5ea003539e1b4f7f37bb83ba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 6622 2d7cc5ebe8079dd0fae1860409cf1a8b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 7060 4dc37eb02f6742808d26548a0ecb79ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 60382 24f359b6596789e61bbd001fd90c5a04 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 70426 8128abfff4f7ab8f32370a151dd27602 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 128552 86b1f62ab4d815af984fea8e0556fd0e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 157952 675fec1992efcfa46cf0043e3507513d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 108160 eb2056a3b1940d3b3b27adcb8df1e68c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 126140 d1c23f615d6aeebe6594386d424ef7f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 87300 47e6e945e4651347cde5e76965131a99 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 93364 802c107ffe461103294fd58c1d12b139 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 2014806 d15cb3eea9558346c08029994feba932 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 1988698 47499eab748909cbc24d41eb251bd57e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 104128 3e626e3e4c59a16338d00953874420d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 115796 5ff731f56aac5f43999c70e98d250892 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 12740 3b4d8bea0a856073ea6116bcdafed867 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 14446 9796772a49dc9688c64fde72be43f446 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 39954 6491b77cf30155c06612af32748ab26d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 41542 c99144c5929ec38a934702c2e041e0df http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 149346 8d4aab9ae6c9f04ed1d4968708c14c88 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 168124 72dcb481cb91bfb750e7d7cb3b2bab4c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 42314 7f7347a9dfcafcc43469d4d4364c1af8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 44916 2641528d804b1c1dd2f7d0e04f3a044b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-powerpc-di_2.6.15-55.84_powerpc.udeb Size/MD5: 320330 6aff8b286b3ddf7dfc33ce99f504f1e8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.84_powerpc.udeb Size/MD5: 324878 11ab2f5d09092b3f9797e673e413ab2c sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 50478 116bcbef4cbedbce5345d410424b6463 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 2354 df747032ea1217e02817c8dec92bcd75 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 40376 4337e5c50ab6220a5ee46b46f98669f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 110558 bfa3abba4946456a8f6d99a1a405f72e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 41214 7fa46c5fc72ef82e476804fcb3c3560e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 104226 3208d817b562267bba9539f854fe388b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 7436 87a0b43fa978113a74cb8e79b8dd4774 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 149312 9341cb99291093f7e5624f6e9f3c9daa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 1712908 f0e841e92ee8a38b75543485f86a2b4c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-sparc64-smp_2.6.15-55.84_sparc.deb Size/MD5: 771900 6c8197f994e366ec847414a13eb7b906 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-sparc64_2.6.15-55.84_sparc.deb Size/MD5: 771444 46d3fb1d75439b65635bfaac6d653d74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.84_sparc.deb Size/MD5: 6963130 11d85b5ba6c6e5d333b860b7a5163b5d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-sparc64-smp_2.6.15-55.84_sparc.deb Size/MD5: 15016950 1f36bbfe3b2db1e844d76d984a4a661a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-sparc64_2.6.15-55.84_sparc.deb Size/MD5: 14832050 bc36836f43a994fb29143301526c2ace http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 7436 76dc77e08053d579849c4c09c8328b80 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 248770 dd30a7c1c47f07012b5bf0ee7fd16ca4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 212536 bf4b63251214a4622ce5a55f902203bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 1048476 575854b9cc92279f65c4acfa0a60e43c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 1482448 de80e93cfd56c729a74ded3b97946846 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 10114 4a3f85652ffd60eb4a94ab3093227db2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 40176 660660949865f2de6403ad165b9faa60 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 9368 65475425005847418b7d9380e4fed4a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 61402 264bfd4456975f04ca592789983eb77b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 163278 1df17d4edff53b6e1102ab15ff671216 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 64092 52a9af94cf9a1ace816d3b1b727738dd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 1235410 e44d8dda7d391021570cc0a826f6c5fd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 59308 00fbe909018b76d099f47d9c39d72a26 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 37426 56112905d8bef55a258eb7aa59cb946b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-sparc64-di_2.6.15-55.84_sparc.udeb Size/MD5: 280130 fb9c0d56db0d19a09524d36af51f4687 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-28.70.diff.gz Size/MD5: 4813262 c1da8b33fcf63ededcc7ab2498e4c964 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-28.70.dsc Size/MD5: 2258 f1f1a3629c40ac86e1b6172f2f3966cc http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24.orig.tar.gz Size/MD5: 59085601 e4aad2f8c445505cbbfa92864f5941ab Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.24_2.6.24-28.70_all.deb Size/MD5: 4932582 c75bb688dfed58df39fa72161bc6471c http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28_2.6.24-28.70_all.deb Size/MD5: 8149016 f80aeb18376bc0371a80a5acbbc4f042 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-kernel-devel_2.6.24-28.70_all.deb Size/MD5: 100904 3996ef6a1321c852676912837f7d9896 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.24_2.6.24-28.70_all.deb Size/MD5: 46982104 a90fab943db79ec907e1cbf97c869092 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 28610 b861f6c6aa20728c83bbc0ec9ae239a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 224204 bd768c83d861caa00758232ec48f21f7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 52648 663642186c3344039e31afcf1d88b48f http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 40640 9ea576c926e3b3b68dd2f98f2c7b634f http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 48646 d00ff865f10bd95cfe0d7f556fd96135 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 86332 d969a4a0657104af706645718743733d http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 36314 98ac23e9bc91e2a54840f86bdd6e96ad http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 648768 458b6968f63bc8134e62c47e8a9be732 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 209944 04c1a8cd3bf7a25da0e78fbb8f90d111 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 39192 254eeda71366bfe9c3e4f7b56828f526 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 67984 29f9c63dbfd2f8f86ea71b2e9cae813b http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 145448 689d507482ed8b85fd15f33d8bdfe737 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 287268 73a2edaf7afc4a65aa77e8995ed3b3e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 2130812 20affc23d001c3a542b0adfa947e12eb http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-generic_2.6.24-28.70_amd64.deb Size/MD5: 675578 f6d7fe8d4eda5ed7e6e4edd2ab9fa2ec http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-openvz_2.6.24-28.70_amd64.deb Size/MD5: 1254372 28e7eaca202b7aefa71b0e3e943d98a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-rt_2.6.24-28.70_amd64.deb Size/MD5: 1276462 1d5f451c0c43c965d585e34d0799dc77 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-server_2.6.24-28.70_amd64.deb Size/MD5: 675490 1ea0767f5025162a3350687d3977c1a1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-xen_2.6.24-28.70_amd64.deb Size/MD5: 1086568 643d57e3d1cbb403787588819535ba3a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-28-generic_2.6.24-28.70_amd64.deb Size/MD5: 17815434 ca2be2f4f00cd6c412beec384e6569d6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-28-server_2.6.24-28.70_amd64.deb Size/MD5: 17785084 624ae6cd24926052048734802477e137 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-28-generic_2.6.24-28.70_amd64.deb Size/MD5: 21063276 fa087ed3f1b02b40b09dcfe89d45f73d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-28-server_2.6.24-28.70_amd64.deb Size/MD5: 21435602 6dac3b165e31f9409240389cd33138ee http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.24-28.70_amd64.deb Size/MD5: 709144 770ddfa645769cb3bbd36fd3213da463 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 263670 68ff4af3d2752a5d3965eff926890319 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 176414 a2b597847575190f35acc23e2230fee8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 254100 6c70433fbed951cd97797092952efc2b http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 1642020 5664065e58da802295747e9c7c21b698 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 143712 9a418be17d9afe53a5c7add5e90a28b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 164464 325e24198ba529100a5840ae1b0e2550 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 115852 6b155bc2fa1e59e144c57fad46a9acdd http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 35060 73537c193f7fa3caf4007cc7348e9d28 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 64402 7760e6acdb5dda4b37ffd2fdd33ae658 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 69710 e6bcf4e9b94aaf83a2fd640e7364a34e http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 21596 805227e007ba9dee7f04bf59aafb050c http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 8616 16e18d90244e835d0cbc5ae9c571c641 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 57230 06f30cc1a982671b53e5ca5c8d362aea http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 103038 e571751777dc6cdc16f498add459f799 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 1212558 c1a1947cc4f37c7b1479ece74e399a51 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 45496 6f25ee67a63dfc757d82883b8162b268 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 12774 87bfa70fab065ed960c4249106df6219 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 499398 f50e6a5d591d124ea04b8e5c19683404 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-28-generic-di_2.6.24-28.70_amd64.udeb Size/MD5: 75052 f0253d9acbcf3f06cd0da60e7457c50d http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-28-openvz_2.6.24-28.70_amd64.deb Size/MD5: 19262374 07ff7910c9e0ae1589fcaf93c1fb8acd http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-28-rt_2.6.24-28.70_amd64.deb Size/MD5: 17913162 6999b14fbb5cc112d64c9bfcbf475477 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-28-xen_2.6.24-28.70_amd64.deb Size/MD5: 18914794 a43117499bda8bccd98e185bde493749 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 23686 18bd8e09ccdca0f38c09197958ac5524 http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 26796 46c1f483a8ad20c903e6354c68ee3389 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 218826 7a0c579b79c0d53f5d8cb405070c7e38 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 220472 70a3539d19ebf9be4e7aed9141f64945 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 51924 ed915e6f13fa7a452e37810ed2589698 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 52058 9c19d0affe1777b36dbcd835e95a72b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 38326 a9041a4039d457f26060784b609ba48c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 39078 393f5a163cbad634e8ba8ff17866e315 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 45994 0b5101e40b38f62278cca75a543f88d0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 46166 8a3cd2550f4bc59515ee72f87d40e093 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 83250 4f57f0e75de3e3884c350df0a92646d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 83650 a29ba07db6908cc0dcfc6fa69c5d154f http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 32396 e09725b6cd2edb1c99b954931ea30a3d http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 32674 74a1c018bdd24a81f56e2f5ca76c86f2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 637742 bb0af8a13cbf714fbbe316376f843bbb http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 655916 503b7879d411c641f10d813d027e745c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 209854 ff86bb3742203e7bd44a5db87ce40361 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 213616 aa25de1453a8512619d62d66a98c783b http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 46562 90e5237cdfc6e54b145b6e13ffdda47d http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 47604 a9d621b700d5b56e23025357604f0487 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 62268 e00dd9915a2e92d3b4a7d7908b2194fd http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 63630 8d854a96bc559b4d87294ece7e79d03c http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 130542 2e4009a596d1672486dee5aa3c8b2423 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 137028 da2ceb3ce4e2f0dcfd70cafba0d3eade http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 279082 63e74d6a553fb1725f661340eec544a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 277692 6cad6bee962600c17282346550b40ddd http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 2012888 14bce971d0e20c69df861da2a2b960bd http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 2089262 98b4049286d60bfd3473da45ce332991 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-386_2.6.24-28.70_i386.deb Size/MD5: 656922 58714a2e1fcc17e1fd89740aeee114f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-generic_2.6.24-28.70_i386.deb Size/MD5: 659532 f17700bc40e9e3e0d003225207da7c61 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-openvz_2.6.24-28.70_i386.deb Size/MD5: 1244404 a00ae4dde9d6a921b17bda0e2fd86790 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-rt_2.6.24-28.70_i386.deb Size/MD5: 1264690 1e454c5f6a51b34c6f336d69269ba277 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-server_2.6.24-28.70_i386.deb Size/MD5: 661210 385cebd0decb92d51bbea38c77f4ea27 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-virtual_2.6.24-28.70_i386.deb Size/MD5: 563854 3806e67c965a034bd8fd0873914baad5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-28-xen_2.6.24-28.70_i386.deb Size/MD5: 1061360 2a3ad99a1b108041578893878a8637a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-28-386_2.6.24-28.70_i386.deb Size/MD5: 18384498 e8f5c0e7addd09241b7ef435a727637a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-28-generic_2.6.24-28.70_i386.deb Size/MD5: 18402466 0a06a6aad92ccebecf63da2c5966d277 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-28-server_2.6.24-28.70_i386.deb Size/MD5: 18519954 bf9ef7f9445cfc22787b17d74d8d5900 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-28-virtual_2.6.24-28.70_i386.deb Size/MD5: 8734136 0a8147e9d7bee6bc870bdc3208279eba http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-28-386_2.6.24-28.70_i386.deb Size/MD5: 25549924 8d030bc507ceb77d0fc6ae4bef22e118 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-28-generic_2.6.24-28.70_i386.deb Size/MD5: 26364898 875fb60bc5bf8621b97c5574d07e55c8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-28-server_2.6.24-28.70_i386.deb Size/MD5: 27385008 9bec1d2b2b78583fcecedcd5c8ff3960 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-28-virtual_2.6.24-28.70_i386.deb Size/MD5: 24877718 482b8cef0cf005a8483d11ed3b364964 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.24-28.70_i386.deb Size/MD5: 709188 26cf4f59b5a9cb16b1c5288e9ecbea34 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 258828 643f05e4db376d0bf7558133f91a3cfb http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 264144 8770cbfb2e0e62965819cc57092f779e http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 163268 f173ed5d6f19c886c3e05041e233e310 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 163024 6bb17cdade9c310a5d75eeca5908b7e3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 236736 01de1ba5a354f340f81355f9e7ade04a http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 244974 b86f7aaf1e9200b8f4e91d0455f311f6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 1810636 aaf2ac4ebeb43a06da06b3d74abc4029 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 1827690 3f37ecbc8236e915a23a1c308613910e http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 150834 dc34df5d314fbf390ef32a5695e2d4e4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 143006 007db1ea88bc4bbf545e989cace61c1e http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 156088 f046f30af354e4423fa7f6929efa9cfc http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 157156 daa0873f69f4fa6a3e2c6a3f70a98dad http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 107216 11c20967c4aba25588cd33e41c62f577 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 108514 6d7f89b2f04c023440977996d99b1a09 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 32952 8f3f5c65701052b71bbcd200e9727d68 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 33384 959583f504cdc92260a2e9cd7f154fba http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 60690 46b409f735bcf21fbdcdd069421998bb http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 61148 2015776c1d327adfa0c00c77d14e7ca8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 82646 498f6209320fef7240940bd2eafe8f91 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 82950 f8cd11b646c7b769865e9b0a6e563479 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 48532 fe22024e55539bf9079c05f25651599f http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 48460 c070e99c0ec169067c45861ee64e7b00 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 8190 764f83aca8e039670b54ef1bd81bf5c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 8438 40dd61311a71fb4f258b651d130fedc2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 51108 f788272ef04244c5338f2eb833c68c5c http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 52946 6a3a99cd19757aa4a7e5bf9bf0cdcdd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 92156 a595388aea811859919835a4688eeec0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 92430 b1a87544de05790689dedd1408f95825 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 1443730 ba618401639337ede996442e8d85c657 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 1426998 8d420db6ebadfd73a40ebb281f29b5e9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 43244 264bc9d22f2d87c78d9ec1246b475907 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 42806 f16161dac125195d296c774de1c55ec7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 11404 882437fd9335b261cd2ce699edda462e http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 12012 20555d5db134914f14f234201b050957 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 471770 7ea7283725e9fc661d40c780fe6e41a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 473736 ab685d960b7ae1f4397f08dca1e3c00f http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-28-386-di_2.6.24-28.70_i386.udeb Size/MD5: 70512 f3a95ca8d7726b950d0145ee38a3c90a http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-28-generic-di_2.6.24-28.70_i386.udeb Size/MD5: 71380 592677ef1ec0f18ae8ac4704e7f6abb2 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-28-openvz_2.6.24-28.70_i386.deb Size/MD5: 20246854 551dee4824d56cd54ebd6e2ceed36ce4 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-28-rt_2.6.24-28.70_i386.deb Size/MD5: 18544608 b047a5db139862e418b7c420e3584e18 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-28-xen_2.6.24-28.70_i386.deb Size/MD5: 18785694 ab4b0f6acb874628d207503ab96c72a5 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 334050 cb0a2732f7d57db2d4cf0aff024b0742 http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 318522 845ff20c4f352d9accc1809e99f8a1a6 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 62720 da2d0022028e792d039fe638a6e511b2 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 73010 505d3154aa77be5a0e1ad64dfd6ae565 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 41444 0358500eff1aa734aa460223cffbd6fe http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 47828 41d9d6981ea0fb6efb885530e55d229a http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 89502 13e293ff0eeef8f0a25532cbc1f6c59e http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 105748 0276e7fc8215525f00c10d0d78729e74 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 44828 a6ad64ce75120444ae7f77eb185f8341 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 40932 b70c6c4ee3bad7a338ef382e8a3cdc13 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 704802 2482fd05dab21510ca1d1cb12255f28d http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 771068 65cf59f3797041350a9066d561c0e064 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 243302 dafec4c170c159b89196ce5a1b3728c1 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 246242 3efe238d1ffb86bb475953cceb77ed8a http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 69164 d97c8f78522a9bdc7b19f9d9eddef075 http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 132596 1e4fd78863d1c805c3fbfef2adabc1cf http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 70242 46c97ad3a53ccee9e557521ef833ade4 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 77458 a7d9a6a35e41c3a8e7552471f78f2de6 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 146272 074f4acf53ffc60e19b36d4360a6872f http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 165012 02994ab52ccb8b88c8a85954c04c214a http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 388012 3d1d5851c82d9b38f7764a2183ec6b72 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 350478 d5c91796ae6b0f20f52cab3328f9b233 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 2431708 6b69540ac9168a1068af1c829e6ad807 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 3474134 efd7274967d4c93a4b4f757b8b663f1b http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-28-powerpc-smp_2.6.24-28.70_powerpc.deb Size/MD5: 654288 16629f59f727a0d5d1ce1a2f178fdbdc http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-28-powerpc64-smp_2.6.24-28.70_powerpc.deb Size/MD5: 659270 3acd9fa19531e93a19b79b92946742fe http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-28-powerpc_2.6.24-28.70_powerpc.deb Size/MD5: 654194 19fb231dfad96a5202c96e0a963608a6 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-28-powerpc-smp_2.6.24-28.70_powerpc.deb Size/MD5: 20175768 245a4d510c48479ca8608d064bb4d0f1 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-28-powerpc64-smp_2.6.24-28.70_powerpc.deb Size/MD5: 21380060 4c2463eeb9eec0f53a8336ffea5d2f37 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-28-powerpc_2.6.24-28.70_powerpc.deb Size/MD5: 19950242 58918c61f50c52423dde5bb0cfea337e http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-28.70_powerpc.deb Size/MD5: 699320 f121a6d0897b8a3e3570355ad721475f http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 266748 96cc9a56b70590f6ef9cb4f42abd9f4c http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 307734 2a8ec116cdc2b993d54831e547d3cfe4 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 192248 ae395f02a06c83624393880a1c8bc755 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 201694 0523582031686284be72e9516eb874ed http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 272066 97f5240c866f23e18620876700e08bd5 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 306006 a09ded2fdc08a8b4fd286d5a732de719 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 1807806 f968364fcce3f3e06fe0229f9ad00400 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 2119512 8826a9667e0813ad11f13ef49ed0c9ba http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 235184 4d42dbe3fee5610fefc492c84f82f01d http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 225400 72d96411968df5bb24b6c3409111f368 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 170442 65ea470d4661896774e2b17744bde9ea http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 199750 8e539809543d9b39931c2f9c0b608fd3 http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 117952 9c0be00ccf310652a819d67e7fecbbbc http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 139264 366dd0c02e403ef16c9da1ed940336bb http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 45374 7da2780fd97a9efdb2891c4cd3dbb611 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 46836 f96d04782ea762bb25c5b7fa13927742 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 51136 7eeb8c67107d09cca5d6ec53b4e0e640 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 60300 75caefd9be900faf4d7bd665e0a87e49 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 74182 2b8011cab437a41dc77b94b88e469222 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 87214 134a0a4d60e3a4d00ad71d8a38a00054 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 76092 ad9b456136a6e9bad3004f4e618dbcca http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 30230 83682f80fc1250d73ca5766262c8cf8e http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 8488 6726b989a4df2541daca42af39d3a30b http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 10030 4812e4833e0e4b3ca8e55079cd13d7ff http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 57440 d72f21d71d83cb31c79aa785a6c158a4 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 68744 0276d8aa4abc940cae72d4451ba65cdc http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 101186 a3d4b7bea0440fcd1475bc292cece983 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 147822 372e114f4f7becea140fa5f33851d694 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 1565814 f4456b5f007c8e045f81e6de0ea25f99 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 1514592 726d8053f7f1ddebe305118ee429a5c2 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 76668 a8fe769d492687b7b0e3ae95e1f28038 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 85974 0aa16271f113ef2bb68b07dd5e387800 http://ports.ubuntu.com/pool/main/l/linux/socket-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 12710 dac27b9a6eed7ad24e351060e8b2858f http://ports.ubuntu.com/pool/main/l/linux/socket-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 14558 ec5ed3428e4b13a483d2ff19cff1ccfc http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 450810 4260e241f3f0cb6735739ccea2e70cda http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 505340 18d9294716dcdba902081c38ae39a676 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-28-powerpc-di_2.6.24-28.70_powerpc.udeb Size/MD5: 83696 1ad62154f4910af7748784cc71c8ec39 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-28-powerpc64-smp-di_2.6.24-28.70_powerpc.udeb Size/MD5: 108846 89b0ef22256773f155bd3d3868dde5cf sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 59576 50a041d5ddbcac27bae81c81a94584e6 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 71726 6be6331d6cec8cdcfb63a25a1d94d0c6 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 42442 750e7a8fbcf37e4f1e18d75952056d6d http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 91778 ae78c7f7ed5677eadcd2bbd04e12e624 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 587170 b8ce9c8d08ad3d2d4527e0ac285a2e85 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 171076 70d9840d79c7d897510c19812c849109 http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 22356 684c85bec9286e7c3364cd7e7d20f056 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 46052 ca2fe0707c599d22956dfb3fc8abc724 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 152976 0d22680968c277f76a4001889af0431f http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 2135604 1b0f5a9cde179230c1166358c726305b http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-28-sparc64-smp_2.6.24-28.70_sparc.deb Size/MD5: 567336 5eec7e6775fe7fea52ca71b52f4de8c3 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-28-sparc64_2.6.24-28.70_sparc.deb Size/MD5: 565774 d5ff9b03b0d4b52aa4b462e9d3b536d9 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-28-sparc64-smp_2.6.24-28.70_sparc.deb Size/MD5: 14098838 83993d0248f289169a7afef405666fbc http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-28-sparc64_2.6.24-28.70_sparc.deb Size/MD5: 13833014 504a7d30fc2f014e930eb66bfa369485 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-28.70_sparc.deb Size/MD5: 754240 83b808eeb2d8b4061ddf9d268e44171a http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 270056 98f38a0933d936d9aa8112fb6a8e2f79 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 190354 c4600cac5d626ddfa61d83a1ec671247 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 263026 a7df05507a97bf05575bfe742c1f7fa5 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 1386390 54a61a95d39edbcc445094f29c42f262 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 175414 69911cef4dd5a0d3d030a528ce8457b9 http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 122098 a0c2adf687a51bbe829adb835ecb71ee http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 40394 3c68e727d9f14a708d9ffc7f1bbe3aff http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 48058 19adf9ec3c25c920295662c53f3dda27 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 8696 bb826a025cd7b1e9cd679c35c6126648 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 60508 4afc2631d8b1f65d02491233d5ccda2e http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 106836 b422f1235cb15f81230d03e9b3bdb4e1 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 1002042 9b12e59032066f6fe401f01ee248cbda http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 9518 b89c5ead0ec11c36566524fe1a6f544e http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 391832 a484119637039fe91af1d8bbd8b320aa http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-28-sparc64-di_2.6.24-28.70_sparc.udeb Size/MD5: 75926 8ad4b544689a8fee5dc03630477ca40c Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28-19.61.diff.gz Size/MD5: 7408064 bf077530cc28fc2c8ca7f9ebc05eed66 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28-19.61.dsc Size/MD5: 3175 c72ff80106672ba9fe2b235ed9a26224 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28.orig.tar.gz Size/MD5: 66766084 062c29b626a55f09a65532538a6184d4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.28_2.6.28-19.61_all.deb Size/MD5: 3637802 0071d076650095f26837d5a5dedd2145 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-19_2.6.28-19.61_all.deb Size/MD5: 8702074 9443d9c2687b48b786cb25d72fb485a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.28_2.6.28-19.61_all.deb Size/MD5: 57052608 2e0d28a7e74ae69fa47a6e6f250948a0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 234610 23fec831e3f61298baa06636eceedb01 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 44118 4a5fac5654db234e70a2e9eaccbf4285 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 43320 9952d12ff6a86714d06bfcf4bc9e4440 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 51118 7f9136aa3cb5b1041cf0551ddef98511 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 90086 f2df406121a67d4e0a47175ec1d71d9b http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 38016 d766f9f96987f7493d4fc61e591a8b33 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 521640 fe11a00a5429edfe67d479e8d825a39b http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 125832 b4d69c3d7c5c847d8aa24d837db44486 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 58072 68d73aff5009f5d5040372f2a46c49e3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 312522 221708988c790d5e0fdbc477aaa81323 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 3870958 c7c36beae2f7bf5930443ed3f6fddeb0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-19-generic_2.6.28-19.61_amd64.deb Size/MD5: 690350 78eff761f3de3ca6b6a5d787b0913386 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-19-server_2.6.28-19.61_amd64.deb Size/MD5: 689874 2f16c0b044e2f930a6de88d26682a404 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-19-generic_2.6.28-19.61_amd64.deb Size/MD5: 24343062 cfe2467fe5ca7affab65e8735c698df5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-19-server_2.6.28-19.61_amd64.deb Size/MD5: 24339190 440cbba0ae0f1b19d0a68ee7499ca3ea http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-19-virtual_2.6.28-19.61_amd64.deb Size/MD5: 10552344 058b8ed0770e4aa1df480e174f857778 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.28-19.61_amd64.deb Size/MD5: 767088 f35f8e695c44c813079736c9c17bd5e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 215202 fcf462d6720a7273ee02c49782e83b13 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 189510 9b19fb1abe93c181fe5fda8e72b8cd26 http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 29406 6288043ea717a7305dc8510cd2f421e9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 274494 036b1935bbceccd31a7ed7e41f473f8c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 1933878 13697cd495d281f48696d983541ffe7c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 163480 8de928fc197b8b89ef1c7750a38b0d76 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 194830 74b0f571685be779768609c16a414346 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 153010 3f9d7d19adf9afb4419a80ad04231009 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 36498 fd7232b8dcf13ff08280ca63caeae302 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 5838 1cc67d1a6c420276e6f59db3ed9942c8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 72150 a499b73933f58ec19e04b6428fb82185 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 22718 56724a5b7bcc91aff7be15700c0a82ad http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 8874 a4f0e53f6b6d2cacf54c6a9ac9eab37c http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 47442 b366ca0d5084bac531ddfbb50a9d51a2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 15662 a0d315f845d9b5688dd17954a62f9d92 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 1273634 e0047421d0cb50d5b39c75c97274697a http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 47210 8ea312e79dd8c391c34b6b69cd257977 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 72702 c6ffab61cbfcfdc2e32cbf60f1d4958a http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 126982 d6ede00cbf90e3b77fb8472fb3a9ee2d http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.28-19-generic-di_2.6.28-19.61_amd64.udeb Size/MD5: 13472 d48c09cb3270f0372ba5adfbba467306 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 215872 98aa4e99386167781b23b5504cbc8591 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 46666 ede37f43ef40b34f9d77fc4640514651 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 41356 cb2e3f87cf5642a12835a48f2f7efa8b http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 47404 aeaca1593385350dc704f57aaf625b73 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 86924 5ea2819a5c30ce4c89a2bce2bd4627aa http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 33574 2cb4c345fe2fb221897102c5014d2017 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 525756 f090c1ccf69ddb2820186927c85dcd98 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 125642 86e82e5dd9d4f57969d66c72ec5f41eb http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 54880 6e13577469a187fece4e004a80668b48 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 301354 a8a087c11396b663d52e6fbb2fc419e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 3744732 3bf841c6e53f9a9d6c352609cd21570b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-19-generic_2.6.28-19.61_i386.deb Size/MD5: 674722 ae9bf80ad2a72a2eab03a182d0b076ec http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-19-server_2.6.28-19.61_i386.deb Size/MD5: 676386 672cfd17c45527cfcc4b74abad9f652d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-19-generic_2.6.28-19.61_i386.deb Size/MD5: 24657574 7a23546eec680913e2335da9389181da http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-19-server_2.6.28-19.61_i386.deb Size/MD5: 24781358 fd198c0b13ba70eadc83348ae87cf2f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-19-virtual_2.6.28-19.61_i386.deb Size/MD5: 10250202 cdd81611c7865173650be382716316c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.28-19.61_i386.deb Size/MD5: 767068 fbe363b42e813979a49a7444adface7c http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 218104 238d1fa355579b3e5c3b9a5f409ba412 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 174930 6c69f1ebda0371c7145ba0889931890b http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 30066 f825580f63a3220d9ec048f5660309c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 262836 1ea6cea34f931354abe2c01aa8698f01 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 2110024 0ad4a3aab3642c6ff44b65e2155483d2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 150224 04dcd6e520494576ac6e06aa863e73d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 184330 40e357d4f7c99b886a6b7a00170177a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 143594 38768a0d3f979c7cd662d6f2d23b4a68 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 34576 dd9d68b4aa49cd96d1a4957ea1758668 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 5506 9e285ac21f1486b3ac73103b3e96fd40 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 86008 578f19d536439c1b0aada7f86ccb7241 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 47638 fe2306b25d5f55bd6566a0c2291505dd http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 8714 342c255e7f6fb6cc33b68075f0e21550 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 44690 94d2c332f5947f4dce037570ce39b35e http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 14778 0fe26ba732bfbe35baf944ae3b0e0bf2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 1446006 a016a4624c870f7359e89d436e94bfca http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 44098 8a7b3746af4ee04b564c8bd8caf17027 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 69286 f10cde36cc89019b0a2cc3ca37dd1570 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 119542 b1a3003512dc0814ad58c46d29cea106 http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.28-19-generic-di_2.6.28-19.61_i386.udeb Size/MD5: 12676 17546e9dd8ca873e2b2ab89c04274faf lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 215272 2da99e7865fed571480c1daf83362c2c http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 46658 d88e490bb0b9783884ee8c7d7268af02 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 40958 658c3596adb419ab460d1bec285c84ea http://ports.ubuntu.com/pool/main/l/linux/fb-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 47310 20f31bf3e8154ce4e165a26ee05829b0 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 86524 220c27bce804ca2f28a07b1aa05a6724 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 33270 77f0d3419e8bce3aadab46745a89da47 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 523812 ca9ae4910b3b80db2b5f66df497b97bf http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 125274 df84493025631f40a26684e18fcbdcad http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 63562 aa198524f22feac47e6afeb90b4814a3 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 300758 e2f88dfcf8062c76ba8feb73009c470c http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 3036096 18ba173775e4bd72614757f96464f43b http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.28-19-lpia_2.6.28-19.61_lpia.deb Size/MD5: 643960 a59344b6416b7986fc4e381d2cff448b http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.28-19-lpia_2.6.28-19.61_lpia.deb Size/MD5: 21804176 6d5ada4bd63dc0267ec128ec5523d603 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.28-19.61_lpia.deb Size/MD5: 767048 119ec87226497a4cd35ac1616c110f8b http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 303974 013d213d0147879eaf3b03ee5a52ba62 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 157420 daa1b45750cf096ca0f21c2e9805338c http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 24444 a4604496dbae27099d5e99be02661e86 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 260358 050d3379257c6db05af1d9cbea5246e5 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 2027504 b41779f2e28f1a64bfef1328e0d46025 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 149404 0b24ae1029ee3377f090ce81937f591b http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 184738 4a4709ebe1e07dba8e80164d5d99457e http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 143256 93d56d8675a88d483b206a0bd915cc10 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 34466 b307ad93ea4f7c264c20833070f32599 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 5496 ae5a05934e8cb5b52e0793ba2bf8804b http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 85658 c8746bbbb6796a2bff3fa6b336ed74b4 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 47404 6230bb1e8b46bd653ac5d3ef9d9052b7 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 8712 fed56dd339cc12bb2c623a54da9d5b3a http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 63108 18cf630fa14beb0692f7398167e8b691 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 14718 8ee6802e848c75ca39da8ee1e02f0314 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 1447856 77369ff1a3bd4417251f3f1de7dc504f http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 43896 f514d1c6dc5f0edf987eab1993eff850 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 155176 0dd0d60e9685c6f1f092e7fba12f0d2c http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 172682 daee398b65ec579129a974398bafe526 http://ports.ubuntu.com/pool/main/l/linux/virtio-modules-2.6.28-19-lpia-di_2.6.28-19.61_lpia.udeb Size/MD5: 8152 f19e4bed18e1f803f2403c1f76bb4567 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.31-307.15.diff.gz Size/MD5: 9270340 efbacad31add4310d608052e0138cdfc http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.31-307.15.dsc Size/MD5: 2706 ab7417b57fac2e918ab18b71748eaa25 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.31.orig.tar.gz Size/MD5: 78278595 16c0355d3612806ef87addf7c9f8c9f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31-112.28.diff.gz Size/MD5: 4002602 7156a2ff98e4a29eca8db92dd27cae34 http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31-112.28.dsc Size/MD5: 2180 e004ede760b9ead8acfb08aae3626bd8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31.orig.tar.gz Size/MD5: 78278595 16c0355d3612806ef87addf7c9f8c9f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-mvl-dove/linux-mvl-dove_2.6.31-214.28.diff.gz Size/MD5: 4613937 a6d34bc737f45065a7856ca478f09ded http://security.ubuntu.com/ubuntu/pool/main/l/linux-mvl-dove/linux-mvl-dove_2.6.31-214.28.dsc Size/MD5: 2214 2387eb27814bd67f0788fd0450f400ab http://security.ubuntu.com/ubuntu/pool/main/l/linux-mvl-dove/linux-mvl-dove_2.6.31.orig.tar.gz Size/MD5: 78278595 16c0355d3612806ef87addf7c9f8c9f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.31-22.60.diff.gz Size/MD5: 2968144 51d9f41be632d0069d48b6fb7c53b059 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.31-22.60.dsc Size/MD5: 3782 1027672ce46ed3c00dd0fcc4682a64f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.31.orig.tar.gz Size/MD5: 78278595 16c0355d3612806ef87addf7c9f8c9f9 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-doc_2.6.31-307.15_all.deb Size/MD5: 3801110 11ec385a097f99220d5ddb6c2e2f4002 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-source-2.6.31_2.6.31-307.15_all.deb Size/MD5: 64261132 ed0333508c22109f028ae2ef766fc85f http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.31-307_2.6.31-307.15_all.deb Size/MD5: 9674276 489c1295818e3e5ee4832104c483a0ee http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc_2.6.31-22.60_all.deb Size/MD5: 3802616 a36b05da0395ec7db681dc19fb2f1300 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.31-22_2.6.31-22.60_all.deb Size/MD5: 9542888 f10672f2db8403df76eca5b20694b8f3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.31_2.6.31-22.60_all.deb Size/MD5: 62194756 b7cc137763d5af113a71e31e6ac22f78 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.31-307-ec2_2.6.31-307.15_amd64.deb Size/MD5: 611656 2c695d1b064b808c1a2302ab2b886977 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.31-307-ec2_2.6.31-307.15_amd64.deb Size/MD5: 18766724 49915d82add98b1256e69fe1bfe8078e http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 221404 254b05d713505665c031b4496b163c22 http://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 15634 c74946f44729c910272e9ea7818630b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 52140 f69d9ea44c436108e9d12948b8136090 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 44830 cf091e89005a5a90931b7f752bdadf69 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 50086 7aeca28683007786d5ebd9ef1ed3ac26 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 92532 b98c59ba794fd8779c7d72bfaaed0197 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 37776 b8bef8f976de7b77be419a138bcae78b http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 537596 6b955d65ff2d68e8d95051cf094907c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 130680 f33ba0ee944acc4719c2967a1dcabdb3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 53836 f67f7cc6ef67dcf7f672fd569a89452f http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 310082 9c1873f4f9d43672eb590a7321e1d6f3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 4360720 16490513f45ae6688ed2bde11abf9e81 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.31-22-generic_2.6.31-22.60_amd64.deb Size/MD5: 708238 ece5100190ee7b1cfe205a988482f652 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.31-22-server_2.6.31-22.60_amd64.deb Size/MD5: 706794 eabe25a6ab5ecf566b6155d1e40b098b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.31-22-generic_2.6.31-22.60_amd64.deb Size/MD5: 28945438 dcaf7dcfd8fd1bb8396403a8385f00c6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.31-22-server_2.6.31-22.60_amd64.deb Size/MD5: 28940552 0345077dd48fee880de7036f7b9565ea http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.31-22-virtual_2.6.31-22.60_amd64.deb Size/MD5: 11766174 dd131468e97785447d16e271b9f0c96e http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.31-22.60_amd64.deb Size/MD5: 753492 0a0b60ed5f9fd5317d117b348c25a226 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 168332 2698dddf736f1f55b43ee796f36025d4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 202808 83c4daba95357805420dfd042b326624 http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 27744 04f33c682c35a27fb0622c0ccfc64539 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 311822 4748943e01de51f9fa0afe1e6667ba11 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 2281794 cc0444cb92dfe6d42f1c29cf37020399 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 158660 ddaf46384d9657ea1afd15f0b7a04381 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 203114 0a8ba89a3ac2c15fba026750b7724b9a http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 161070 67957e42b693445a8bec0d1e65e55026 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 38052 7f306f8d2cab050417d6cb38857b5d5a http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 5762 39e5dbb1081ba9537468d1a927fd0da2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 73772 a4bad6ca01c03a927453ad26b099cce4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 22250 53b93aabb270063d193571b49d95b9e6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 9538 29dde3870380ac336fbacaf92ba229ea http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 39852 7e7b6dc05ceb31ac128631131cc4d523 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 23488 023007868ca9edada0fb2c92805d9683 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 1389890 cb421da7cd9f9dc1c2b7920d3cbd5d26 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 47372 76db327e946e56267ebb075149dd74d6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 51746 2d218a60e0c7df2b655e8dbde3b8fde0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 129008 8e259b2e63ad1b7540ab5e280fd1185b http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.31-22-generic-di_2.6.31-22.60_amd64.udeb Size/MD5: 15818 bd77ac1c53d4013fd44d6e08e0607a0d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.31-307-ec2_2.6.31-307.15_i386.deb Size/MD5: 583698 c74a1a2666674f9f7868022638a44eec http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.31-307-ec2_2.6.31-307.15_i386.deb Size/MD5: 18098198 aa80a9877a0e8e66b3eaeedf106d2735 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 198856 75a1fabea67826c04b3f970855301f66 http://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 32460 debd7f409c0590fbf8c54e4bfd353b0a http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 49946 a1fd0118b8702be8c81173ac13de49f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 42114 8ad595e8510acc850d85f2b15409c398 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 45944 fe33cb34669e234be9c67b10786438e4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 87406 f8c4148cb3a8f30c7a59e5dae4771175 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 33766 fbea3cb1763e19feb0994cf8500132de http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 534130 2d58da5dee752af1baedeb14a08c5f96 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 128170 4723852ff55df632006c4927d13f114f http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 49746 a976e85f8ee996273f27a347df71a409 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 295730 69eac5e852238c1a21440a9241b14832 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 4196436 e5b97c5775a2511f10966890095da19f http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.31-22-386_2.6.31-22.60_i386.deb Size/MD5: 685230 67f5b3274f3a20bb452797106ec9f137 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.31-22-generic-pae_2.6.31-22.60_i386.deb Size/MD5: 687020 7d21f4a09ce0a273cb6d7503e72ee6ae http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.31-22-generic_2.6.31-22.60_i386.deb Size/MD5: 686244 65573f1a4fa26cf1d025885ba2cebbbc http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.31-22-386_2.6.31-22.60_i386.deb Size/MD5: 28823902 18b1320dcc9bc2283011911c04237711 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.31-22-generic-pae_2.6.31-22.60_i386.deb Size/MD5: 28958792 dc3e36f69d9881d9d26e8cd2c44800cd http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.31-22-generic_2.6.31-22.60_i386.deb Size/MD5: 28891678 aae1afae57ad58337b6454bb13ae72a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.31-22-virtual_2.6.31-22.60_i386.deb Size/MD5: 11300176 dc82553b7990534cc39f9f4cc4e00f87 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.31-22.60_i386.deb Size/MD5: 753460 b871864698fe96c8c053de1ab7d28b3e http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 172874 cf867621a1c6af7d2df0b32c31d47f3a http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 186174 421f2c1b6a7a9211742bcd0116d5b16e http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 28924 bf4c063e743601b1838970be5eb4665f http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 292874 8b3015efe3f52550b68f137e72be5632 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 2400172 d3a5e3e28a6f54f5ac55255fefe8d753 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 142002 863be5985847e2c869ccb738ea6eacf7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 189594 5451c54d33a9917ef47a39385a2d60a9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 148538 4f7e33f693ccc7d0fd540942fef72b5a http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 35292 8faa6b0d2be91563e4f946a97752a550 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 6840 152a8cf38c19823497507b9f3663df86 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 86104 cf1457aa150576d327043920a45cff27 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 46424 b2baacb7c5ffe63175430863e7d6878e http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 8918 9b41564f8be9827daa0254d9308ea154 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 36282 291e645259303b5c8802e64740569845 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 21668 467a00b25bb160d9e117fc910f31784a http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 1495340 ac8a383261c23880b7f2f98dc9ca0f97 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 44088 12d57d9e5921a6694e98f72cd661a89f http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 48548 06ffbb6a1b5d63dd5187dc4c96d81004 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 117862 334d8feda1b33280c0c767eb59fc8941 http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.31-22-generic-di_2.6.31-22.60_i386.udeb Size/MD5: 14532 28a556e15bd25cacb435f06bc40de557 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 198816 cabad71083cee31770876846c9b3e5f0 http://ports.ubuntu.com/pool/main/l/linux/char-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 32446 6aff2bbc6e25c9ed6dfe471c79f9e63e http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 49948 a322353219ca799650b5726a6c06b1d6 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 42156 bb1c584d16c683ad60b94886115201bc http://ports.ubuntu.com/pool/main/l/linux/fb-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 45934 ce7abfdde991057d5de236cc7c92dd06 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 87392 5a3de6c8b7e9f7789d180572b09dc2ff http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 33758 73cb370ad891451b4d0bc88705010ae2 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 534312 6deae522a3c870b57491d1da33d886bd http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 128220 9301688d4020d499ed969748cb732bdc http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 49750 c3fc2a64a7415c42a60be5284785ac0c http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 295734 7b6c3dfa99d318e9202a33348b0b7f40 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 4197456 d122014f54ef4ab940dc19ec321d6286 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.31-22-lpia_2.6.31-22.60_lpia.deb Size/MD5: 684840 c139f2a52780e291cc978594db715c14 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.31-22-lpia_2.6.31-22.60_lpia.deb Size/MD5: 28892608 4bf6a29734b5aa254ca96d4c0f26ff29 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.31-22.60_lpia.deb Size/MD5: 753444 9e4b00e5d9f5a894ba2e088c3d15e280 http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 172932 8478bc14f1f14a05a4e93b2356428c29 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 186154 49c9a729f5b7cd5f127d8f45437dd162 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 28912 267006f0a11aaf673cf8f3b3f3abaeb5 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 292858 7761b4f00c9257ce5b7873d76f1c5ea4 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 2400346 e2ab63a68d1afb4b84de59722af76fad http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 141982 32b0be2ea446d44c0796ead47f311aed http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 189584 29474120e1018740d2cedd3c560d0c1f http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 148528 8a3914c5c04e9967f99d5b71f0630c22 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 35292 fc88bbd3fd4ada2002bdbb7dda4784bf http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 6828 495fe0c7945276ad8055ff66aef0c870 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 86098 309c17f97610d6901a49ec7deee22282 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 46412 3a56ab298ad69fa20a59243dc90d91b3 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 8900 dbb82fccbacffd5147b0a4ba42e73fb0 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 36270 f275023b9b741f5383a4adcb3c20d8fc http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 21666 a10e2c6899f03445dc3fd431b04e389b http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 1495072 a60482e79efeafe8f7c5544b7aac4d25 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 44064 c5c8d43cdfedaf45b3bcb0ad5cebcf5e http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 48540 a81308e2c1a4e85467c70dc11586a35e http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 117832 0fdbb4919cd2f93e13304a484a76b890 http://ports.ubuntu.com/pool/main/l/linux/virtio-modules-2.6.31-22-lpia-di_2.6.31-22.60_lpia.udeb Size/MD5: 14516 f87cbe777565bffc6791d917445a8ed2 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 321492 a6e3955497936e2d8d21d663f79217a8 http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 263650 c39b24ef95a57138b0c8c29d8ebd1db1 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 58862 623da2e39d70d011def84a9876f404f7 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 67046 b7ef32e1debe5e3897b29bf892a205a3 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 45932 ad59fb0a080fbd3f0c54c489fc1a2b41 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 51298 255d5493db43cfcb76868955f47e11a6 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 90698 549cbf218bbe9b9ca431c42995dd0895 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 105162 f4a5cdf80fdb0d8b50b66266e2a67600 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 39486 1cc5b805673f1e8ca877d80199bd35be http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 39270 c80c6ee3f07888fa3c6f3c6147bf9a9c http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 581030 48870bec4d7c78fbc4d447935a7fed0a http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 626342 71f4768f5551e771ab87f2621da8097b http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 149306 ce090bfc2dd1317de4d461e605d74101 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 147320 b3947ba223bd39bce44748fb8a737100 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 79708 998771d5afc49f155a7a028446f0386a http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 84132 677a36642f9fa2d4ac4876e7c4c8588e http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 402940 f38251cc951d684a5052d3765152fdac http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 342490 bbb42db83979db7bddad061bd10c19a3 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 3838604 3dc50a2b64f2864947576cfdb07c8ccd http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 5223500 d454911ee6879d2a8e3e09ef756525a0 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.31-22-powerpc-smp_2.6.31-22.60_powerpc.deb Size/MD5: 795016 dc961bb4deb5e0f7cc8594d3b42fcccd http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.31-22-powerpc64-smp_2.6.31-22.60_powerpc.deb Size/MD5: 813182 cfdf6137c9db4ff068f8377641a6f994 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.31-22-powerpc_2.6.31-22.60_powerpc.deb Size/MD5: 794466 7098cc192d736432f69d6461b6b2f1e5 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.31-22-powerpc-smp_2.6.31-22.60_powerpc.deb Size/MD5: 24881134 d3a7996bfa4ca9d00ffa138e8af07a65 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.31-22-powerpc64-smp_2.6.31-22.60_powerpc.deb Size/MD5: 25859358 1896b217a23fecdef7fa4f4108b5a39d http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.31-22-powerpc_2.6.31-22.60_powerpc.deb Size/MD5: 24711328 090a1826d0b29376957bd285a00bec55 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.31-22.60_powerpc.deb Size/MD5: 738524 6a069b9d476c1302d17b59b97d9f5fef http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 272172 ed7a1d4d22a74235e0e945cd00618b3b http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 294756 b0fda03144d279b6d8c11ba4a151ff0b http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 210594 c2dbac3b914f766e9eef15e760579805 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 217030 6f3106804d19966c219d7f3ef60e7ec0 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 26370 4918a8a9b630381d08931f36e98a6ba3 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 29680 dbf2a64751a6b805c38a2671588cd55b http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 315082 c4cc05ae803543c34dbc5b84bb506fc6 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 357610 169b16c940142485d187019ae62dfba3 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 2027744 72cac22305c06de13610f3e4cb732000 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 2247756 eeac477bd4452047bd4e054438ce5ae1 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 213540 539abf10cc8075cff2aaeb7a5d2a4415 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 209828 07bf91d64a9c1ca41d847d1d45145859 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 210294 d03b6378e07b7d16a8060805d5a33a1e http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 244890 35b7664b5b7866124f07498565492550 http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 111850 76a16b3ec983c1456a847b74b058c84d http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 131634 42b2955a56db91a6734e79fabe4b6eb7 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 49036 9f95af70a86ea344deb82828097f33ac http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 44086 d8d27fda02b3a2eccd1bb295513b0ae2 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 5848 ca06ac8de8f328c81d274625018c28dc http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 6510 19263161420a4414cca39b3e176ed1fe http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 79130 f9547fa7a009cfc1fdace53f207e66e0 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 85236 783f47a75d9e82f999273ae34ecb2bad http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 74332 09ced5601534f6721803bc936d4474a6 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 27270 8fca637189a591b726e81d9f759de81e http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 8542 5e50b93423cef9abfa0e1224b0706042 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 9816 645a211d3b5072ddfd2494355f612081 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 58820 d1e640be1163d46f9c4d30f16bc5d489 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 70146 df3e05fd190bbdee466474050abf6d4d http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 23716 df0ec1c32f484026626eba3aceee8bd0 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 30798 d34084fae6d01f175c520a7ee88ae885 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 1557496 8b2c2babeeb812ff28154713e33b68fc http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 1509500 140ca736b92247392b5f7a81c6112824 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 81652 2f7f7e13c32879ede7d9444b7d0d82c1 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 88506 eb5516ed210ea0daef38e35a63497716 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 64574 93994b13239fa750556d18cc981ead23 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 77178 88f35d2608a8c3e187ffddbc1d1249cc http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.31-22-powerpc-di_2.6.31-22.60_powerpc.udeb Size/MD5: 141566 1705c06d42087933e0bc8078790c00d1 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.31-22-powerpc64-smp-di_2.6.31-22.60_powerpc.udeb Size/MD5: 151400 5a4f2e223dd56b134c2a1bd52a5fdab6 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 139446 c7baab61c8a09b5ebef664ba84316425 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 70116 cbc95ad9771e8414cdf22bc424b7e257 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 46514 6cd9a6fed2a5aae88598be99e139952a http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 93986 5eac60dfd4283e77a7ced7e36f4bda4c http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 588776 425ae2acd1afcbeff7468ea90c778300 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 148400 5cf7b0187e50f5c17a0a951650ad19ff http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 75882 089f804226b3cac5e0f007704b5fbc3e http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 2915232 bdb3bc98fccde0f109a49486b8f4fd79 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.31-22-sparc64-smp_2.6.31-22.60_sparc.deb Size/MD5: 612074 601db402e4c301ea1f3c7838655e4bf2 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.31-22-sparc64_2.6.31-22.60_sparc.deb Size/MD5: 611672 5611adee164ba7997a9dc6a35cc03919 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.31-22-sparc64-smp_2.6.31-22.60_sparc.deb Size/MD5: 20554024 4ad3050a3a26f3470c2df6cf32ea12a2 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.31-22-sparc64_2.6.31-22.60_sparc.deb Size/MD5: 20242858 42fa813a7d01a6864dc27d8b5602afee http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.31-22.60_sparc.deb Size/MD5: 750612 8957e1fb11e133d1e6c056ae25fb1921 http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 266438 128f34223118495af4a21daf6fbf9099 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 209154 a2f428054c4405bb238d2be5dc54ce17 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 26792 1ca186e1ac28aa3aff15bdd6060d07bd http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 314212 212236bfb1dc174322ca6e9f277de47b http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 1675454 da2055579d886793a3ff4c0118f451d6 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 222868 bedf62d04baa61688881e77c64fa7c15 http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 121974 b1b8381f0c79f3b6466d6baf71446f08 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 38796 e04e8345ec4eab7514fb38c751d561c6 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 100826 39ba938bb7bd38eeb830b1a3d75e2155 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 8928 18206a9f5a2a84dcdc7bab536d389156 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 62912 c16890ee3c8ad593ce2ca0d60bf55194 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 120986 0f766f53e118900c8cc33fbb7ec591f2 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 1218150 17f468abbea9fb86f77c5bad73c3a73e http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 101542 02cf5f3466caf54628bfadfabbdb86d6 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 200226 5cd4a933a0218730a5906011c5bc031d http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.31-22-sparc64-di_2.6.31-22.60_sparc.udeb Size/MD5: 185114 af6cfb5ab8a3e15eac5005f1c78d2507 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-306.11.diff.gz Size/MD5: 8482468 87193041e67aa771132606051612da46 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-306.11.dsc Size/MD5: 1502 cf51bda52f14984a1c3913d585b94dcd http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32.orig.tar.gz Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31-608.14.diff.gz Size/MD5: 5383378 def0a5c447ec67f86d849bb83fb8d2fa http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31-608.14.dsc Size/MD5: 2180 a4fdcf52dbda79869b8dc1a9b0d41fe8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31.orig.tar.gz Size/MD5: 78278595 16c0355d3612806ef87addf7c9f8c9f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-mvl-dove/linux-mvl-dove_2.6.32-205.18.diff.gz Size/MD5: 6748240 2a5a075f68fceef9902a1e194463ed25 http://security.ubuntu.com/ubuntu/pool/main/l/linux-mvl-dove/linux-mvl-dove_2.6.32-205.18.dsc Size/MD5: 1464 6d6a8254b60e8244b1f96b4d85d6687e http://security.ubuntu.com/ubuntu/pool/main/l/linux-mvl-dove/linux-mvl-dove_2.6.32.orig.tar.gz Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-qcm-msm/linux-qcm-msm_2.6.31-802.4.diff.gz Size/MD5: 4275510 2e55ad3f665eba2ccfa99804c5f61941 http://security.ubuntu.com/ubuntu/pool/main/l/linux-qcm-msm/linux-qcm-msm_2.6.31-802.4.dsc Size/MD5: 2162 a0268c009b0452ce1d6bbfaba3ef0537 http://security.ubuntu.com/ubuntu/pool/main/l/linux-qcm-msm/linux-qcm-msm_2.6.31.orig.tar.gz Size/MD5: 78278595 16c0355d3612806ef87addf7c9f8c9f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ti-omap/linux-ti-omap_2.6.33-501.7.diff.gz Size/MD5: 3434570 c246b6f07ee762ee5c6c13b8d064507d http://security.ubuntu.com/ubuntu/pool/main/l/linux-ti-omap/linux-ti-omap_2.6.33-501.7.dsc Size/MD5: 1442 43cfcac6c98558e0dd45b6a13873c5eb http://security.ubuntu.com/ubuntu/pool/main/l/linux-ti-omap/linux-ti-omap_2.6.33.orig.tar.gz Size/MD5: 87197318 83dfcb85de817d9b63ee31937118c9c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.32-22.35.diff.gz Size/MD5: 4621518 c2fc8cc8caf3e8d8908bb4732a60d33c http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.32-22.35.dsc Size/MD5: 5568 b7b30fce01964ef809d3395f29c0f22d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.32.orig.tar.gz Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-doc_2.6.32-306.11_all.deb Size/MD5: 6391790 9934fb97782458b5a5a108364b86420b http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-source-2.6.32_2.6.32-306.11_all.deb Size/MD5: 68063660 bb66d042a1242106996c48d03bd54046 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-306_2.6.32-306.11_all.deb Size/MD5: 10003726 932c5faf79a155d5370beb510831362d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc_2.6.32-22.35_all.deb Size/MD5: 6391904 582ebf59bf8ab2d33b7c7801647f64ac http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-22_2.6.32-22.35_all.deb Size/MD5: 9867826 a112051f276dfe638c98adfbe2cda80a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.32_2.6.32-22.35_all.deb Size/MD5: 65820192 c149de16c0b96afb2c8c98d4a5884d95 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-common_2.6.32-22.35_all.deb Size/MD5: 60636 0bd150c7fc457da6d1fdcab7f45b9f11 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-306-ec2_2.6.32-306.11_amd64.deb Size/MD5: 644868 cd3691870ce135309d16a78adbf93987 http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-306-ec2_2.6.32-306.11_amd64.deb Size/MD5: 19834952 257f5cfe67bd2e727bb8b304d3301993 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 237840 9a34fe2a5b057dc2b1daf0fd30850943 http://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 16524 eb35584a630e3a85766ea5ce0c4f6365 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 50052 eefea187a93724843bd127552830ac1b http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 46262 57bf21e6ee6fb7cc5f9ef8fc40d08d6a http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 51764 cd3379b942e04b3200473484370fb876 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 95192 402d06156f91240b619e96f22dd75ea3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 38660 85256686a4855537b2e8214f51a8581d http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 538882 c1d7290a91896acc094f0a26407dece2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 133544 e75341c9805a52943d5720f1dfa720bd http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 98914 e5fb0f13ddbd94ffe79ccdff3cf0f7d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 320120 a00104d9f50d0d65c86aaf575b35e11c http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 4449968 5583c3906b7ffa87fe64c0117f946fa0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-22-generic_2.6.32-22.35_amd64.deb Size/MD5: 744950 e2bf6a508794318db16cc6e30009d1ab http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-22-preempt_2.6.32-22.35_amd64.deb Size/MD5: 746984 73361899082062e6b6907a58b65e13dc http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-22-server_2.6.32-22.35_amd64.deb Size/MD5: 746996 e5509ecca0fcfc8894c390bf92c93bc7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-generic_2.6.32-22.35_amd64.deb Size/MD5: 30865592 448c8ed0e90302de8cc67d3c26ab4bec http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-preempt_2.6.32-22.35_amd64.deb Size/MD5: 31127336 95a46fb5b7b2a1490fb7f8dffc796665 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-server_2.6.32-22.35_amd64.deb Size/MD5: 30941912 0da9825e4c58d53ada9c259bb30b0a1d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-virtual_2.6.32-22.35_amd64.deb Size/MD5: 12400736 63c330cd8f3013a2352ba69b55e091de http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.32-22.35_amd64.deb Size/MD5: 771326 cbcf12d3846a08c4aad270f94c2967ad http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-2.6.32-22_2.6.32-22.35_amd64.deb Size/MD5: 188410 8ab096d110797b29ce0e55513d2cfc9d http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 179004 82935c201d651a8f2540b4509246dcc6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 266266 62a5d101bf2df6cc46e07a6ac5c754f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 32456 f2cf533f43928805184e2e8445851764 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 330624 5d9e4a16d27efd75fe48f737d97709a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 2379272 bc901048af3e41a52a1b6fdbcb07fd82 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 163568 7a0da6ae3ce1dc89eb492b721114b041 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 245610 f228d86967c3c2f54793d67c3723df98 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 179798 dc4938e5607f0ab8fac24b68b6cdc30c http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 39240 9fe5999bb37261ec1eafaef688af802c http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 150324 f8cbef960228695ddf3f44279d9f309d http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 76634 d9ef1f8ece226b70bac378b406b2fd72 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 22998 d4281699ad107f572718380f6f8854e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 9744 c22fbc8081b2f5cb5ab4699ab799efe0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 41032 86840a3b7f62ba90fdd545ed0909a200 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 103692 0e4189f9ea0d93fa5bdcd0a59fca46ee http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 1445188 1a3aefd74d49cac4a6c27f1df74e85fb http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 40680 cff9f81e2e76f3bd9f2b2bfb92a8b1ef http://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 15420 e261cc78944c65be7ae4cf01206ed46a http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 53056 a44b3cac618e304b5ec27fa1644ac6b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 134924 ac50fc239193b640db9fe2c8dfd8e25f http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 16746 8ac42a73c7facd9dd40bbd9dae43f1ea http://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.32-22-generic-di_2.6.32-22.35_amd64.udeb Size/MD5: 22362 df95e4cf43ff61bfdcd1b9c3260779cd i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-306-ec2_2.6.32-306.11_i386.deb Size/MD5: 621024 7b07a270215d6dd4e8d3893d74f08f8c http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-306-ec2_2.6.32-306.11_i386.deb Size/MD5: 19197386 b48d278dbd72f606b0bdee27cdfa461c http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 207168 04f695e7bd431c95896ba7343d704c24 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 212536 d34379185e1c36eb47b732fb8ff1db33 http://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 34260 fac3ca7d3353a02c170c663a86817ab2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/char-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 34560 de0b20e1fb34c4a605482afe4ccd383f http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 48026 b1b6503c8d2c69dba29c0e7212210553 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 48042 b74910fe0c9fe6dedc55d616531e8e9c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 43630 9c5855cb9e72e959a86bec59ca889a63 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 43654 5086f6f21c2eec63ee2dbae90e9006c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 47824 35033954fd15422a784c6a1502d0ed05 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 47892 8a1e2129f4c4199e97f50979db7a7303 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 90440 749f5096fa443cebaa5819e7dedfd15d http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 90780 e01f7cac074601d43a87d2efed48f5f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 34638 8fa9caf412924705ae079ecbf4581859 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 34696 2f8fe16bbc0d3cc5a858c93f92e2ef65 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 535026 9d4cbabe440b3b35dca15cab907c977a http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 534774 9813309ab4c7c9cf97364bca8df2309e http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 130862 d65ebfcedc44f8a18a2a6dbc728a0808 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 130886 a7b9ec1632f19a9bc991858b8522691f http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 91586 dff28b0c21dbfd697f8f7cd153017f62 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 91658 78956e99f332397bfcdc0d5ce6466ee6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 305268 20691a772242ecf4b853df1228b49b32 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 306204 6fb638d788f6ab1fee67c09fb0054274 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 4301526 9a01c667449a37d1daf3d1f01c0cbaed http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 4430826 fabbe2cbce7e887e0da33b0ebf01c7c2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-22-386_2.6.32-22.35_i386.deb Size/MD5: 729628 a0c53de17e95532c4c748dcb8c3f8a82 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-22-generic-pae_2.6.32-22.35_i386.deb Size/MD5: 729524 e1e5eef7b13c61550d8ba319ae41a0aa http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-22-generic_2.6.32-22.35_i386.deb Size/MD5: 727666 bec8fde6ea2236863fa2da253cc891d6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-386_2.6.32-22.35_i386.deb Size/MD5: 30921264 fe4dbe8391e9be16a08bde9f0d7a663a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-generic-pae_2.6.32-22.35_i386.deb Size/MD5: 31020332 1ebd2f8932847138aafb7ed3e6957c58 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-generic_2.6.32-22.35_i386.deb Size/MD5: 30929116 e207e190177733b86d036e0bacd9279a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-22-virtual_2.6.32-22.35_i386.deb Size/MD5: 11937042 f75a9af8e6b0b1395b8c85e675b25d3c http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.32-22.35_i386.deb Size/MD5: 771288 818266f8a6808cc542c9245db590c703 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-tools-2.6.32-22_2.6.32-22.35_i386.deb Size/MD5: 180486 579bada2cd54987719ae06e8269c176e http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 182664 1ff8ed599a987d8a016a359412511d72 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 182810 4711fddd17faed9cb7de1ec1d71fc53e http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 249278 23dab95ffbc4b230ddc7f1c797a3bcb9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 251962 fe10f470f29620ce2f54260684821bb8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 33842 b9dbe86e294a6f732c08965009591921 http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 33864 eb80dbd858a2a1154de4670b63c33059 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 310380 2382b6c171c0aa238ddb3df4a4ad8dfe http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 310412 253a9da96c5fa7f006a3311187163630 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 2493630 c992b5a7a0c300009c416305f2e6ce01 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 2511312 975b0287bf52ab17a32b804add8de75e http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 147230 fbd3a7d9e0065703b8528bc452384621 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 147306 5039e5f46fed6adcbc78430a7f5136d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 228658 7ec7d48f3e42055a07e20e6e3e3142c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 228734 aa7e8172c565ca8124678fa9c9444a41 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 165954 3e748608ea7b38c34be69c1ff91ad2a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 166012 f708e9e4ad641fa6275a5a3e535b06ef http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 36362 143f93890826df238056a1e5f43bc07a http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 36486 13949aaa8ad32338fff3c56ad0780c9a http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 156928 9888f0f521ed580da0aa3eee88db9ee9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 157200 14718c7817980def8cefe742fc25f4b8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 90206 9b4f0a5ae4ecc56928710578948e8aa8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 91098 72d98fe1c957a6533d0e92bcd9df126f http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 48114 c156299aa317a60124657975ba0422cc http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 48158 41a0c6cdd72641fc6327c91e2a41303e http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 9106 b3c84333d67154196fe492330ec937f4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 9112 c6d1478d99deba24df0f1abc7a1c6360 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 37450 d41485700623523bc62b122a67f57f37 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 37472 8c553307ba6fec0874a4767f46eac97c http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 93834 49462cab3b38d4e445456e6496f688e7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 94402 a0ab7d68e42751978e478e46b39c8b58 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 1555960 02d24e085fcacdc34b770d8e4b3e60c1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 1506776 e05a832ffa4bb240518968c28eb05fd2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 37966 d5bd6c357df20158f33dc5d8b898786e http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 37970 b1917a566671571351108712ea8b7cea http://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 15568 0094f62a06418771e1b7ce988e5229dc http://security.ubuntu.com/ubuntu/pool/main/l/linux/squashfs-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 15580 5f1e986aa2e88d63d62322ec85e8da17 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 50002 d7a47201c272480d804ab92e91a9c00f http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 50056 08be19a737d5c6b1b99b21c072e28d75 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 123832 091e7733c12a45745381b4fe35d3640b http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 124268 2e5ad0b6c7b80907a9927bb37446aa06 http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 15488 0afa442071262b64ba4fbfe594b44306 http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 5710 b999ccf838edc897b8874914e3f25148 http://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.32-22-generic-di_2.6.32-22.35_i386.udeb Size/MD5: 20788 7140a98dd26b05e5278d938a02b9af4f http://security.ubuntu.com/ubuntu/pool/main/l/linux/vlan-modules-2.6.32-22-generic-pae-di_2.6.32-22.35_i386.udeb Size/MD5: 20798 a2cab82a0956e6ec96375cd9f6e23a29 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 340852 5448ca0d59837472e8062a7758249b05 http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 281626 20cdb99682c1f387eedd2dfdccc39c0b http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 60558 30fa795c08458a313f3a04c3ac06b833 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 68708 65c5e7b743e6e041e55ab080726e6326 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 48390 9d549e434d1f43ca803c400337537735 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 53128 e1b19e86e96b2a705f52257d0ba3e446 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 96780 69931c2ff42e93b841cbc39040b5f30b http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 109864 55530222d62b149471f8f7ec0a0b401c http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 41000 e504306368b70e7b1d4080fb9f104774 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 40386 867836bfd128cb699b6084d22ae5b9ba http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 598544 7c74713ce524ca6056f98b948ba1009d http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 631378 f6d7ccfc08940e0f182d7c347aa6fe1b http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 155250 5e58765f9014ac1b91db52377be3214e http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 150514 1c673dcbb00b8bdb03c140e2c16c1c0b http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 106286 f66ae752322b3a80afd81acce9678c54 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 110218 b81a7936f5d028e6e2d1b0c66ec67a82 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 418794 7614b2ba143ebc43a4df17d3a553f07c http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 355170 c461e16d2638bbd922ba08faa3aadb1f http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 4184440 fcf9a52cf7d828353fc20fc42f04074e http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 5568942 e1244e4847aa34cefffd29c5e69d17da http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-22-powerpc-smp_2.6.32-22.35_powerpc.deb Size/MD5: 834094 d2a5a47fe19b15efcbade3a458886100 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-22-powerpc64-smp_2.6.32-22.35_powerpc.deb Size/MD5: 853586 41d8ab0b3bac34b9ef18b3bd1751c06a http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-22-powerpc_2.6.32-22.35_powerpc.deb Size/MD5: 834092 e1e2aa29e1424aef7ee116b1aa782e44 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-22-powerpc-smp_2.6.32-22.35_powerpc.deb Size/MD5: 27690922 d93d95c548c34b5632bddc5f69e7c400 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-22-powerpc64-smp_2.6.32-22.35_powerpc.deb Size/MD5: 28531758 631a3347cb263b30bbac36ecfc73b928 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-22-powerpc_2.6.32-22.35_powerpc.deb Size/MD5: 27421200 9068bbc77af845ca5b609d63bacd3308 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.32-22.35_powerpc.deb Size/MD5: 760646 0e4b57d343052f30433529cbe14385ab http://ports.ubuntu.com/pool/main/l/linux/linux-tools-2.6.32-22_2.6.32-22.35_powerpc.deb Size/MD5: 196496 08665e49676e012315b941d37f838812 http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 289406 e171a625ccdacd6709fee1c6e116e3bf http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 310398 ac3b6dacc77e4002ca825e265bbedea2 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 221150 6a0092ae1be40ca9ee127b2232d15cb0 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 223804 af7ba0faf09abaf57945a5e7fc2ee506 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 31938 5101007b3b2c9c45eb839952ff705786 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 36496 5dbc40f2acca40498c173d0886f9c2fb http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 343926 8c91a96bd0c3c6cc134532d13fd3d37e http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 385810 4a30a8fe1a7d7c1367938575c185f169 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 2173120 cb265da97dfe62f146fd1fe41ebfc1f9 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 2372824 8525c63c57d9345520be8210544f214c http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 223066 00121583edd924fe1757fa727ce876f3 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 217338 72c2573434f500ed671fa00582074ca7 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 259842 55eca2948a90fd62fa2e4ff0a9af80c9 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 296094 bfda8ec67edf7abd1478a60b126995ac http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 131886 ad03d7e0dbe804de4593e2fb86ebc4d0 http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 154672 b67bb554dccec4c27d6accfbc97de8e4 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 50974 ee184ba015afebe43b7d67545684a609 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 45510 62e72d83114e691e6644f77328eae811 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 108060 869c7fefad265a86e620a08b85dccca2 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 123884 14b554ea470bda34e64f0d1df7fc6516 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 84352 1f3ffcebad40e4289c58fb81aec0855e http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 89956 8f8f82acc6aad562a95d254c5fac022c http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 77236 e74748e50bc049e1ca8abd0babfcae76 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 28408 34f21190bd3bbd99cbcd25074d41faaa http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 8958 91a68cc7a6fe6edf7ac0be03e165b4da http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 10186 b4b821de875ffd8607a5f867f42854cc http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 62110 8194a3936a0ec9bbdc1866f8201d7015 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 72518 009ef857c62f697f9ee69284634b274f http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 106886 da2d5917ae498c3078ebbd70ff3da14b http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 136600 e6165d5923d6aefd3f3398010ee23694 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 1648486 4f570da059c50025d135c0e3f75ccd5e http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 1575088 c836ac8e48f8d71fabddbba3b950c198 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 78218 eddd03eab6e34af5a232892afc3bca0a http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 83474 0ef56c605b39df3e5edfb67682ae2c06 http://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 17454 c7dbbca300fc48245cd4cfcf51d5b35d http://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 18520 94418ced4448d327ec47dc602c17241a http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 67940 7a38341b4bc2c79511068590fc302c01 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 80278 e54c3d70347bae3108d67b1bc2bc4516 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 152200 1dc38fce24ffad9be140b3948e356e05 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 159704 c78e3cd87f71f9a728004fd7e546cb50 http://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.32-22-powerpc-di_2.6.32-22.35_powerpc.udeb Size/MD5: 22518 a83c7b1e9ffa2a3660bb41fbd3fcbaca http://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.32-22-powerpc64-smp-di_2.6.32-22.35_powerpc.udeb Size/MD5: 25778 b7471dba3ec7b8c05d5ea5739933fe93 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 146488 3b7be44529c4cc86514657ac7b12b12b http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 71440 aad8b8756f92832f4febd71db1f966dd http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 47602 3db40ba1ebd556f46b88da6dbed5c5d3 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 98038 101ce2471c33a479cf85df2b2e2c5211 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 591060 cf8fb919251529d57a1f318311b3707a http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 151664 20c364a8b683a0c4ba27567503cf5296 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 99356 e0c14c26cb974c7825f345cd70429841 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 3186134 44a50ae97caf252433b0ecfac295ec59 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-22-sparc64-smp_2.6.32-22.35_sparc.deb Size/MD5: 652300 cd39dcccee9c7a771274cdf208530af6 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.32-22-sparc64_2.6.32-22.35_sparc.deb Size/MD5: 651290 f71657ec5a90274fe87615325f631740 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-22-sparc64-smp_2.6.32-22.35_sparc.deb Size/MD5: 22598018 851cda52ff2ffdd88b0732c63f74b5c8 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.32-22-sparc64_2.6.32-22.35_sparc.deb Size/MD5: 22149494 2e6f4fc8428d316ccf24367738ec4cdb http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.32-22.35_sparc.deb Size/MD5: 771020 0f4a6d78f1bfc4c66dec85397a1dfe38 http://ports.ubuntu.com/pool/main/l/linux/linux-tools-2.6.32-22_2.6.32-22.35_sparc.deb Size/MD5: 198080 42b0b00c0a74c8f19e63959105f8312f http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 280878 fd57b5da83294769b64c507d1819bf0e http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 214702 5aacff2a187543bc7c03d401f68607be http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 31894 37e7ede984e9a95085fef957bd24f9d3 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 337020 a60a63332965ca2e7eb04b9e5af55555 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 1765768 473b47001814ec3dcfe3f7d13b591ddf http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 246854 4fcf74412f97aaad8445b41a8568ed9d http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 139988 d2f75d8b75b929fbf9220da8bdf7e589 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 39912 a365983317c1b3c4dda94e11903aff3b http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 206902 462e5550a90007c8c5418938dd676f6b http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 9178 c9f2992677c044041a448845a7d38b11 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 64466 52cf00bc003b8b5701298fad5517731f http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 212946 fbbb948d246dbea1ce131546d8bf6c2e http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 1272618 4aec314341cdc776f20508b90866f5ae http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 96624 f0995ec49806ff5ede44bd80ff510d6e http://ports.ubuntu.com/pool/main/l/linux/squashfs-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 17702 9eb7b43e2289a69f9dcd478a5dc8d754 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 208204 b7724ff354d34b60cf7e2c5f50e61637 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 193306 12a8a53ca0ef921b491d73d2bc051f73 http://ports.ubuntu.com/pool/main/l/linux/vlan-modules-2.6.32-22-sparc64-di_2.6.32-22.35_sparc.udeb Size/MD5: 27206 6ae9400c4f74471e4b0baa8e12220191 . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Linux Kernel e1000 Driver Denial of Service Vulnerability SECUNIA ADVISORY ID: SA35265 VERIFY ADVISORY: http://secunia.com/advisories/35265/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "e1000_clean_rx_irq()" function in drivers/net/e1000/e1000_main.c. SOLUTION: Fixed in the GIT repository. http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10 PROVIDED AND/OR DISCOVERED BY: Neil Horman ORIGINAL ADVISORY: http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Fixes for CVE-2010-0419 caused failures when using KVM in certain situations. We apologize for the inconvenience. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4537 Fabian Yamaguchi reported a missing check for Ethernet frames larger than the MTU in the r8169 driver. CVE-2010-0727 Sachin Prabhu reported an issue in the GFS2 filesystem. CVE-2010-1083 Linus Torvalds reported an issue in the USB subsystem, which may allow local users to obtain portions of sensitive kernel memory. CVE-2010-1087 Trond Myklebust reported an issue in the NFS filesystem. This has an unknown security impact. CVE-2010-1173 Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from Codenomicon Ltd reported an issue in the SCTP subsystem that allows a remote attacker to cause a denial of service using a malformed init package. CVE-2010-1187 Neil Hormon reported an issue in the TIPC subsystem. CVE-2010-1437 Toshiyuki Okajima reported a race condition in the keyring subsystem. CVE-2010-1446 Wufei reported an issue with kgdb on the PowerPC architecture, allowing local users to write to kernel memory. Note: this issue does not affect binary kernels provided by Debian. The fix is provided for the benefit of users who build their own kernels from Debian source. CVE-2010-1451 Brad Spengler reported an issue on the SPARC architecture that allows local users to execute non-executable pages. See the referenced Debian bug page for details. For the stable distribution (lenny), these problems have been fixed in version 2.6.26-22lenny1. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 (lenny) user-mode-linux 2.6.26-1um-2+22lenny1 Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz Size/MD5 checksum: 61818969 85e039c2588d5bf3cb781d1c9218bbcb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-22lenny1.dsc Size/MD5 checksum: 5778 713b8a3f2bc10816264a81c0a9eb7860 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-22lenny1.diff.gz Size/MD5 checksum: 7894925 86ecf2ca8808aea84b0af06317616a6c Architecture independent packages: http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-22lenny1_all.deb Size/MD5 checksum: 126228 be9c5c392a1ab0cf0a297063abf983f6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-22lenny1_all.deb Size/MD5 checksum: 1764832 b0d63ac0b12a0679867b8b53bf4c3a54 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-22lenny1_all.deb Size/MD5 checksum: 2871892 c5c0e0d8ea193812566f9481e6ca8440 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-22lenny1_all.deb Size/MD5 checksum: 48764508 9a203c801fd068d282d1cbb11fbab68f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-22lenny1_all.deb Size/MD5 checksum: 4627886 fe792ad0bcf2c9f8ac4bb496e9885a20 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-22lenny1_all.deb Size/MD5 checksum: 110906 6ef2c4468e55570a3e571021299d4760 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 374304 046703c72d1bf6bcc81cb462e0f4d7ec http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 372708 a6922d1de2035d2745d5ad56a6e38eb9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 28676342 687312e7cdf46a79c7c4b974cbe5b542 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 3620318 4c7448f11e8a63ddec95b7ddaf6e9c02 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 29374588 452a568c8f74d69e3b7ba6e1685d4863 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 373176 fbda1e3fb70a213ee26ab4e0a5af16a7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 110428 82fc153ba577607964e55ce0d5eba8a8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 110404 9e24c63932b52a18206f951f18438a90 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 760714 dbef4d63df60be4c54e5a8999b2f1203 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-22lenny1_alpha.deb Size/MD5 checksum: 28661322 db654cfdd26ec48b75fbf73bae54d15b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 391290 529d0af88248eeb9db6c720147c3c9c9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 1809098 2119049dd7757d1a7aa9b0cb6d65a4e6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 753158 c06cd160c023755232e79c187b20a98e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 391970 7e2145ea394dcbd739307b7cff343ffc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 387348 d76eb180fa81f742ee87d9524f3bc5a3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 20949852 a3c0bd81f9f9cc96d2e42521fb963fb9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 3757248 db362b7459220059221418a2b1542659 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 110338 19ec7c8ca6e51c0a93352a059f9d5df8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 19315990 c185e17d0ca1ed640106dbb828c919f8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 110374 0e703e2b4306ca1e68cc61460ef86686 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 21102730 604476ba9a35fdb435b4409e5323cf89 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 3724662 ae8fed857d819d7a3dd5b3085c367085 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 3780338 a2cd8cdd414be8c412bd923576ccb456 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 3856722 9621b8e802a4e482de1db03572b0f72d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 20931422 9d71c45188552af06abd5a04d62b7c84 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 110350 acdbea58008fec881f380752f9fc3ea6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-22lenny1_amd64.deb Size/MD5 checksum: 397220 709b723fefd37764ab8bffb079eb312f arm architecture (ARM) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 12494622 96304f7aa2bddb3ea2ef404afaa4a513 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 352980 44e27ad26963a2c1dbed9240b28d7c5b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 10294730 8066047f7d15cd2f7a6c93018cfaae37 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 369410 e26f28edccaeabf04dec8e4d2d8cc88f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 11443274 d9232ed2bbde0e851f72488a2eea831d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 110444 631821dedb019f48b3133246338f4521 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 751260 027d7225ddd40e26f12a9c7c7cc17b55 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 4140556 a36e76af416da97176639d34a6dd42a2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 368088 8388881b72ce56cef47cb61a51abfe8d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 11731284 cc6e8949fe66950db619eb2996332572 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 110404 611a83d9ddb07104525d3ae7eca714b8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-22lenny1_arm.deb Size/MD5 checksum: 364180 878a5bd8fa6419dd6efe6422c7a14cbc armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 365700 0327b96ec1802e56c4ffee19ce1c9dc5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 368810 05ee76d995844fc8461223846ab41802 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 110358 830c76ccdf7d7c99f3ea84e1e8bc962d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 11691670 0ecbec767291466b244fd83506f1e112 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 110392 c64900dc9ec3812df164d47c006ecffe http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 11399558 2d16b67f176b8223bd4dd33b90217a2e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 340088 3b6e8d8210d6e6e68eee6ddc2cab8f09 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 4136736 42aebe2283d941bb7724daf03882914d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 12451186 f22b998fbdfa29023573bf9b6988dba9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 751906 d1d0480ba764b4ca3bdae8a651acd066 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 9606938 569b72a642446ac1ffe4ed2aa13f50aa http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-22lenny1_armel.deb Size/MD5 checksum: 370546 a3f2c479e65c9ae3be17641001b33afc hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 302516 dd1800b19f0df391bd05658a0a7846c0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 110354 479a0788049f39e648e57a3c5007b993 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 3598606 4429cb37eda685553dde7198e5b47fd5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 762928 fe2e02babc93f6bdcc16c8f7ad8a5a88 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 301842 1e58cca757600c08424118ace4a50da5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 110374 9198f6103932b14d766b0e4c32110806 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 301034 890ed76fde4dedddcb9db60f7ba0091d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 17127808 a2cffd928aa5e30ab9f1f30e41b9aed1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 17678124 53aa5bddb6f2af761a8bfcb1fef54d02 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 15784596 c892e98e5ab6fcf6aa84aa5e5021309f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 16388546 0ce6b1186e64e745a0680088d2c9fcad http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-22lenny1_hppa.deb Size/MD5 checksum: 303348 6991ba8c20ae638798fda57540014d30 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 399720 ee32214acdf697edca92068f2d64f8b3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 110450 191bb7f29ece9f8ea2f8cff03efae3cd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 398126 32ef574340b20e8f2c7465f2290a8c0b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 413242 a5f35b11ae06961132fd16e21d5b5337 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 409820 586c33fc476019b08a3b75816d9bf520 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 110392 3f9c02cb47bc1070b92358227e030768 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 20530142 c8e9146e82955c0dda3bcabe8b7542ef http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 20509696 98b0e600e9bca75f016f1c4878d9d8e7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 767274 369a4858f7dfa2560ec664a08fdbac42 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 3865974 0510efa636bb1554f9a2c040c1ee6f19 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 20409094 798b4bb9a4b8d81affc30dbc2f284cc3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 20679068 6b6c2a57037f510313311d76849a9b0a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 3807640 6b21b3346b8196f19ea59d16a2e7b8f4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 18198474 627d51edc59f86bd8dfe2e7a74a25723 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 20381812 493e6acfd2d47e456d1471ef44dd18ba http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 1596580 5f456e26e01a793881871f4d683b13b1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 417750 057786734b1771be73cea6c484a09cce http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 410364 4f381b525756e6cf131be68398e58fe7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 110394 46fba74b6675f6df2057da14ba3931f9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 409858 99ce0b8165bd71e4b90745ad5a7577d1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 3947966 aabcdf68ca8c4d35d87ad2eecb569517 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 20350468 fb0caa5f722a968820562223577a4e74 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 21022322 befe070ada9e62a69c15f38c9f0e706a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 3842206 b5e7820e844761d65d8dbf0a4ea639e5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-22lenny1_i386.deb Size/MD5 checksum: 411454 771b6960fbfd4658124eac3673e01e90 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 359186 d2391d9bdb5fe861abe5fbd0f9f2f989 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 3659176 8df0d712004a67cafedb9b4926970368 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 359256 18a5fda7c38b900462ea120ae04a3c98 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 34440420 2eddbf5140a8dc8a4a74d4e11a77ea44 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 751862 329f5ddfc14f4f6e63aa3834f7a927fe http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 3691882 19f4f11bbad0443a7ae7153823bcc0e7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 359722 f3d89cc673ff0f2e5b7ff2e718ff44f1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 34252074 96729f987e7b7e02802b240da3a3293c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 34376386 f97af824a762b90b102d84f5c1bf65f8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 110350 9881f68b5f5446c4c773dc60d655a589 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 34191126 c5412cb1277801d2a2488be36dc1ad0e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 110386 c1ddbef0eeae94731617e277b32018c6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-22lenny1_ia64.deb Size/MD5 checksum: 359654 cba07c82268fc13d6007ecf4be2c8508 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 262068 31c1aadffe81551bef675f9bc91b6f1e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 29432478 38c75d466da039b9e2ac1c70898b50ae http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 358936 9ec1ce1473362c253cf4dc7d2fd791f6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 3966442 111674b840698cede9cdf3ecec2d5e3b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 302384 7f9f26f809e46a4748158588402d7ace http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 359360 d07b20a27666a8cb2c43f03eeb729c57 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 285392 9d513d80efd66be3e9ba7fa929b13b5f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 303780 3a507cccd77e01f7449a8ff73a3e5f6f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 760156 80eaea319450a06fe9c2310bdff051e2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 23504896 f928208abb4eb3ade6185409df5fa417 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 20252984 09ee52755ae4cf03ca082e8dbc977206 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 20244176 3c568fce5cab57746ca1dc53c8fcc754 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 110400 6676cd4c8df659937bac47ed0c08bf37 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 110464 fcbbce5e6741f1a1ec4830dba9a8ee91 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 11542616 0ead2243e1d4c2cb50760d97f9a6a2f7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-22lenny1_mips.deb Size/MD5 checksum: 15769388 08c7a66b4f1a5c9bc9f8cc5683d5786f mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 19682018 7e665290822815634b1666523270919e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 110460 445931c0ad4fa00f8875f5cbaf9d83aa http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 19667420 02ae9fef2fea1c4ccd667c73025039f9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 760930 064ffab1507d84791e943528662e4c86 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 297650 4433daa21c6e697d8c1bb33355e14ee1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 359828 870a33c1aea0535ab0b25f3016aa9623 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 23074870 998294807dde61335d413ecf50fdbf3b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 3967560 590a467f25e74daf442dfd54caaf104e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 303240 9620ba551b29adb6052e13f8277347c0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 302768 59fe05d578020afc8e1e8fe3fce3b41c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 28568828 86e20054979d1ffc56c24f5db73d044a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 110406 3a073335ba3488e55549b82e005fefda http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 15056072 429c33859de62cdfaa86e809e8625bec http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-22lenny1_mipsel.deb Size/MD5 checksum: 359706 43272f2843e3b39735812c24aad332f5 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 110358 eb7bc8e6a28a6801bc7be5d22bf95a2f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 23581674 48797e6c39bef5a0fd120d973b541f07 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 363808 c2c489e8798d50db73d709367e390113 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 365378 a4c38de9a287a71e84d09d5474393d41 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 110392 9dd420c73a4b0c7d55fe2372a439adfb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 23420066 5bf69b74154de2ae05db3280f2070b74 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 3782640 31d483da8ccb87dbd7f75200515c8b3f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 23474914 42ba4ae5a23355aba50cb1a8c018a631 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 366524 a3970adc5168a37d49f28c5ce4ca05ff http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 746782 d0ef1631862e4130479ce4e3da0a6050 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 3814900 2b936155fef59a231764ca014043b806 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 370710 35281c3da9947c322b12a014adabbcad http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 23159310 22caa95faeb5687d37e677b4e34503b6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 371066 9961d473b25000f7bb7a23bde2720323 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-22lenny1_powerpc.deb Size/MD5 checksum: 23557104 bd8ab7bd0594a795f34dac94ee24ffae s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 758022 786d9ca518b1a573caf38f5492104cc4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 238208 3155d20f0210f5fd9a2e27fc28165502 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 236574 05d74c2012431ee9bdae90e172a82de0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 237136 7950ba3ebfc31e3cf6536b34eccaf684 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 7828888 56510e3515975d5ed979a55fb0bb14b7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 1633146 654e757be4670f764a99049c7984aa98 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 3633806 0c911d5a677f4fdb22f44cf617cd8374 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 7534830 da50ed9bfd6846d2ab2ced362b19ab4e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 7889984 06c9c7d89731808d7e376986cc472843 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 110394 68dd1fe380aa0c9ba6caa84f934569fd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 110416 c1d7fd64b9efab8228f305d5474de5d1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_s390.deb Size/MD5 checksum: 3598560 f63cbef687984b543d1152e013bc95fe sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 14291528 b0e802720e53cb53650b8a2d75d1588d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 304718 aa3ebf9c5e7cde5fc11513c27b4396d0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 110370 d746af2e449aaf644370d7b88a03cf2d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 14631258 b056f4f2245e4e2da6ef8e7549224226 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 14611896 ad3108a56bbacf863b4f18521275887c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 800838 114ac1590a19b405fcacfb06ee36e55a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 3820700 fff1d7baf26f32217a8100ca14875708 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 110352 02deff17df2e96a0ed208d786bdf9315 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 3785870 518b0d1f9d0d13adce8d6707726031ab http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 302894 c9354f7c9769be34b6356e0d042a294e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-22lenny1_sparc.deb Size/MD5 checksum: 304918 228d8163856c2e8e261b0fd086475d68 These files will probably be moved into the stable distribution on its next update |
| var-201904-1408 | A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that comes with the default browser on MacOSX and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-9-24-4 Additional information for APPLE-SA-2018-9-17-1 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Auto Unlock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Entry added September 24, 2018 Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4356: an anonymous researcher Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad Entry added September 24, 2018 IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) Entry added September 24, 2018 Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: an anonymous researcher Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4197: Ivan Fratric of Google Project Zero CVE-2018-4306: Ivan Fratric of Google Project Zero CVE-2018-4312: Ivan Fratric of Google Project Zero CVE-2018-4314: Ivan Fratric of Google Project Zero CVE-2018-4315: Ivan Fratric of Google Project Zero CVE-2018-4317: Ivan Fratric of Google Project Zero CVE-2018-4318: Ivan Fratric of Google Project Zero Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. CVE-2018-4345: an anonymous researcher Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative Entry added September 24, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by Google OSS-Fuzz Entry added September 24, 2018 Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative Additional recognition Assets We would like to acknowledge Brandon Azad for their assistance. configd We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Exchange ActiveSync We would like to acknowledge Jesse Thompson of University of Wisconsin-Madison for their assistance. Feedback Assistant We would like to acknowledge Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro's Zero Day Initiative for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their assistance. MediaRemote We would like to acknowledge Brandon Azad for their assistance. Safari We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance. Sandbox Profiles We would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUMACgkQeC9tht7T K3Gpbg/9HBJDw9agGt5ZwLBzc5njAETI5Hxk0LDn5PjvmXpxD0kB/GcuH5vODNfi TOUNox5KfIIaD0HB1qo5zq4zdh1VmnCNKALJK0wY0U3KaACRghu0xTjpbXsYcYQy 4aGdt+UuiPBqsMkSUrakba1JHcYWrpc4GfUaxIUZw+aFdA0G2oUOYAN5w3a3I01A aVY1Qzq93MdUCjdr3ASXn4gdMtZeYAze4dXCkmvOXS8CPG4xok2C/MdwaTRKh1ex S74YkM+Oz+mAG+3uebwexeHWLUbFHKBr4KXu2DFvpJ4JxNu57SOqwEDDfauVOCHb 13YFf+i+Zh5g9SODQJFXDXk6Cl6MlTuEsLcr1YX8xqmSLilaFJTiz7nxxAG0Qctb Z80wHbzQeGaGQwEy1A99X7X33PupzyaJFiK/4F8O5neo18LliunU01Tzk16sgYFt 4Jg/e5+EkcGf1TJiCTMzIPDVsMBDRcTV9KMBUjr+LmbBJ5T8XKdg5nuEURKT3QFQ h05+La/AFn+sJ8FFTK0WQmvM96vKQELyBBC9Npa7n1riCPHldPt9+vQ3wVwo5MD4 SdGfACevV+Qf8G1A064fM74nrJOnoqLowQiCtMSOpMx3PWwX0Pzw2SVyaFG3cLAv 221+OCYYcniG7UPdjoFv7kObGFEUC9vt1TS76VfolzKWd/fcakg= =JOUe -----END PGP SIGNATURE----- . Installation note: Safari 12 may be obtained from the Mac App Store |
| var-201904-0753 | A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple The product has a memory corruption vulnerability due to incomplete processing related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. Safari is a web browser developed as the default browser included with MacOSX and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. An attacker could exploit this vulnerability to cause an assertion failure (memory corruption). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 02, 2018 Bugs: #667892 ID: 201812-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.0 >= 2.22.0 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0" References ========== [ 1 ] CVE-2018-4191 https://nvd.nist.gov/vuln/detail/CVE-2018-4191 [ 2 ] CVE-2018-4197 https://nvd.nist.gov/vuln/detail/CVE-2018-4197 [ 3 ] CVE-2018-4207 https://nvd.nist.gov/vuln/detail/CVE-2018-4207 [ 4 ] CVE-2018-4208 https://nvd.nist.gov/vuln/detail/CVE-2018-4208 [ 5 ] CVE-2018-4209 https://nvd.nist.gov/vuln/detail/CVE-2018-4209 [ 6 ] CVE-2018-4210 https://nvd.nist.gov/vuln/detail/CVE-2018-4210 [ 7 ] CVE-2018-4212 https://nvd.nist.gov/vuln/detail/CVE-2018-4212 [ 8 ] CVE-2018-4213 https://nvd.nist.gov/vuln/detail/CVE-2018-4213 [ 9 ] CVE-2018-4299 https://nvd.nist.gov/vuln/detail/CVE-2018-4299 [ 10 ] CVE-2018-4306 https://nvd.nist.gov/vuln/detail/CVE-2018-4306 [ 11 ] CVE-2018-4309 https://nvd.nist.gov/vuln/detail/CVE-2018-4309 [ 12 ] CVE-2018-4311 https://nvd.nist.gov/vuln/detail/CVE-2018-4311 [ 13 ] CVE-2018-4312 https://nvd.nist.gov/vuln/detail/CVE-2018-4312 [ 14 ] CVE-2018-4314 https://nvd.nist.gov/vuln/detail/CVE-2018-4314 [ 15 ] CVE-2018-4315 https://nvd.nist.gov/vuln/detail/CVE-2018-4315 [ 16 ] CVE-2018-4316 https://nvd.nist.gov/vuln/detail/CVE-2018-4316 [ 17 ] CVE-2018-4317 https://nvd.nist.gov/vuln/detail/CVE-2018-4317 [ 18 ] CVE-2018-4318 https://nvd.nist.gov/vuln/detail/CVE-2018-4318 [ 19 ] CVE-2018-4319 https://nvd.nist.gov/vuln/detail/CVE-2018-4319 [ 20 ] CVE-2018-4323 https://nvd.nist.gov/vuln/detail/CVE-2018-4323 [ 21 ] CVE-2018-4328 https://nvd.nist.gov/vuln/detail/CVE-2018-4328 [ 22 ] CVE-2018-4358 https://nvd.nist.gov/vuln/detail/CVE-2018-4358 [ 23 ] CVE-2018-4359 https://nvd.nist.gov/vuln/detail/CVE-2018-4359 [ 24 ] CVE-2018-4361 https://nvd.nist.gov/vuln/detail/CVE-2018-4361 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201812-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12 iOS 12 addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Auto Unlock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to access local users AppleIDs Description: A validation issue existed in the entitlement verification. CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4412: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4414: The UK's National Cyber Security Centre (NCSC) Entry added October 30, 2018 CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. CVE-2018-4356: an anonymous researcher CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4347: an anonymous researcher Entry added October 30, 2018 Crash Reporter Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4333: Brandon Azad Grand Central Dispatch Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4426: Brandon Azad Entry added October 30, 2018 Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4331: Brandon Azad CVE-2018-4332: Brandon Azad CVE-2018-4343: Brandon Azad Entry added October 30, 2018 iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A configuration issue was addressed with additional restrictions. CVE-2018-4355: evi1m0 of bilibili security team Entry added October 30, 2018 IOHIDFamily Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation CVE-2018-4408: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4341: Ian Beer of Google Project Zero CVE-2018-4354: Ian Beer of Google Project Zero Entry added October 30, 2018 IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2018-4383: Apple Entry added October 30, 2018 IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad IOUserEthernet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4401: Apple Entry added October 30, 2018 iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to leak sensitive user information Description: An access issue existed with privileged API calls. CVE-2018-4399: Fabiano Anemone (@anoane) Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4363: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation. CVE-2018-4407: Kevin Backhouse of Semmle Ltd. Entry added October 30, 2018 Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4336: Brandon Azad CVE-2018-4337: Ian Beer of Google Project Zero CVE-2018-4340: Mohamed Ghannam (@_simo36) CVE-2018-4344: The UK's National Cyber Security Centre (NCSC) CVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 mDNSOffloadUserClient Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team Entry added October 30, 2018 MediaRemote Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs Entry added October 30, 2018 Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4352: Utku Altinkaynak Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2018-4395: Patrick Wardle of Digita Security Entry added October 30, 2018 Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Symptom Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative Entry added October 30, 2018 Text Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4304: jianan.huang (@Sevck) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4299: Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative CVE-2018-4323: Ivan Fratric of Google Project Zero CVE-2018-4328: Ivan Fratric of Google Project Zero CVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative CVE-2018-4359: Samuel GroA (@5aelo) CVE-2018-4360: William Bowling (@wcbowling) Entry added October 30, 2018 WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may cause unexepected cross-origin behavior Description: A cross-origin issue existed with "iframe" elements. CVE-2018-4319: John Pettitt of Google WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4345: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by OSS-Fuzz Additional recognition APFS We would like to acknowledge Umang Raghuvanshi for their assistance. Assets We would like to acknowledge Brandon Azad for their assistance. configd We would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance. Core Data We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. CoreSymbolication We would like to acknowledge Brandon Azad for their assistance. Exchange ActiveSync We would like to acknowledge Jesse Thompson of University of Wisconsin-Madison for their assistance. Kernel We would like to acknowledge Brandon Azad for their assistance. Mail We would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek A>>A3Akiewski for their assistance. MediaRemote We would like to acknowledge Brandon Azad for their assistance. Safari We would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance. Security We would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip KlubiAka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, and an anonymous researcher for their assistance. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Status Bar We would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance. WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgYpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HbuA// ZOEwXUyLVS3SqfEjU3MRUoTp1x+Ow+fd5co9B6v7bY+Ebc2KmSZjpPuNPjouRHmf RbWpZ0Mc52NYm+OdYqPu/Tg94wRi6tlrYusk6GngVH4IBER4TqiFrLNSzAjXL0xP qWv3JQcAIFNbNWpSEzDzEbuq85q4BIuP/+v2LpTc1ZWqIYt9TQHxUpyjoTXZvQhL 8L9ZM/dj8BC+m713LeC/KzveaDpaqnVJUDbgUkzRyFfFqOJt+hlaTS8yMUM3G+TX cblL8bvFNIxtUrt4Rf2TwDRVxUZIw/aFK2APmxVZ44UAT+2o+WFxBkHRXQiZc4Lk OaTzzkocdZu4q4MibrxELBWtW46AcGMqQKUpFZ6GR+4U2c1ICRwKnjQTn0iY7mg7 d+M+bTx8T2knwV7lSwvnHz79rysvOuCF3QCAZ4tW4PvLHWSZ0TpJho8z23PLHFQd J3cOYPby6SM9YP6SBISX5OI8xnvr1XIAPIBnOy0ScaMFsu0Er8j1hvbF1fXiaYOJ CSUUXR2th3jPW0g9L0j4vWGURG1h0psIN2MxTSHbmm4KXBAYngZ0wDOeJMUe8YMy IG0UBDqKNh8lzKHcc4aYA1WyaNsqbgbngBqDATp/XyWRzd+Py/U06MVuIaV095Rv s9WW67M1kLHy4BeutXt+xLBp9AugI+gU53uysxcnBx4= =dGPm -----END PGP SIGNATURE----- . Installation note: Safari 12 may be obtained from the Mac App Store. ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 ------------------------------------------------------------------------ Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore. CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit. CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements. CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, September 26, 2018 |
| var-201302-0406 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the JavaFX D3DRendererDelegate class. A value utilized by the class constructor is passed to a native function and is interpreted as a pointer to an object. An attacker could leverage this to gain remote code execution under the context of the process. Note: This issue was previously discussed in BID 57670 (Oracle Java Runtime Environment Multiple Security Vulnerabilities) but has been given its own record to better document it. This vulnerability affects the following supported versions: 7 Update 11, 6 Update 38, JavaFX 2.2.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Oracle Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 RELEASE DATE: 2013-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/52064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 2) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 5) An unspecified error in the AWT component of the client and server deployment can be exploited to potentially execute arbitrary code. 23) An unspecified error in the Deployment component of the client deployment can be exploited to disclose and manipulate certain data and cause a DoS. 24) An unspecified error in the Install component of the client deployment can be exploited by a local user to gain escalated privileges. 25) An unspecified error in the AWT component of the client deployment can be exploited to disclose and manipulate certain data. 26) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 27) An unspecified error in the Deployment component of the client deployment can be exploited to manipulate certain data. 28) An unspecified error in the JAX-WS component of the client deployment can be exploited to disclose certain data. 29) An unspecified error in the JAXP component of the client deployment can be exploited to disclose certain data. 30) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 31) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 32) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 33) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 34) An unspecified error in the Networking component of the client deployment can be exploited to manipulate certain data. 35) An unspecified error in the RMI component of the client deployment can be exploited to manipulate certain data. 36) An unspecified error in the JSSE component of the server deployment can be exploited via SSL/TLS to cause a DoS. 37) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 38) An unspecified error in the JSSE component of the client deployment can be exploited via SSL/TLS to disclose and manipulate certain data. The vulnerabilities are reported in the following products: * JDK and JRE 7 Update 11 and earlier. * JDK and JRE 6 Update 38 and earlier. * JDK and JRE 5.0 Update 38 and earlier. * SDK and JRE 1.4.2_40 and earlier. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: One of the vulnerabilities is reported as a 0-day. It is currently unclear who reported the remaining vulnerabilities as the Oracle Jave SE Critical Patch Update for February 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2013:0237-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0237.html Issue date: 2013-02-04 CVE Names: CVE-2012-1541 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0430 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0437 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0446 CVE-2013-0448 CVE-2013-0449 CVE-2013-0450 CVE-2013-1473 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1479 CVE-2013-1480 CVE-2013-1489 ===================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1489) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 13 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50) 906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52) 906449 - CVE-2013-1489 Oracle JDK 7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53) 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906930 - CVE-2013-0430 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install) 906932 - CVE-2013-0449 Oracle JDK: unspecified vulnerability fixed in 7u13 (Deployment) 906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 906934 - CVE-2013-0448 Oracle JDK: unspecified vulnerability fixed in 7u13 (Libraries) 906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment) 907190 - CVE-2013-1479 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JavaFX) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907222 - CVE-2013-0437 Oracle JDK: unspecified vulnerability fixed in 7u13 (2D) 907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting) 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066) 907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.i386.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.i386.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.1.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.1.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.i686.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.13-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.13-1jpp.3.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-1541.html https://www.redhat.com/security/data/cve/CVE-2012-3213.html https://www.redhat.com/security/data/cve/CVE-2012-3342.html https://www.redhat.com/security/data/cve/CVE-2013-0351.html https://www.redhat.com/security/data/cve/CVE-2013-0409.html https://www.redhat.com/security/data/cve/CVE-2013-0419.html https://www.redhat.com/security/data/cve/CVE-2013-0423.html https://www.redhat.com/security/data/cve/CVE-2013-0424.html https://www.redhat.com/security/data/cve/CVE-2013-0425.html https://www.redhat.com/security/data/cve/CVE-2013-0426.html https://www.redhat.com/security/data/cve/CVE-2013-0427.html https://www.redhat.com/security/data/cve/CVE-2013-0428.html https://www.redhat.com/security/data/cve/CVE-2013-0429.html https://www.redhat.com/security/data/cve/CVE-2013-0430.html https://www.redhat.com/security/data/cve/CVE-2013-0431.html https://www.redhat.com/security/data/cve/CVE-2013-0432.html https://www.redhat.com/security/data/cve/CVE-2013-0433.html https://www.redhat.com/security/data/cve/CVE-2013-0434.html https://www.redhat.com/security/data/cve/CVE-2013-0435.html https://www.redhat.com/security/data/cve/CVE-2013-0437.html https://www.redhat.com/security/data/cve/CVE-2013-0438.html https://www.redhat.com/security/data/cve/CVE-2013-0440.html https://www.redhat.com/security/data/cve/CVE-2013-0441.html https://www.redhat.com/security/data/cve/CVE-2013-0442.html https://www.redhat.com/security/data/cve/CVE-2013-0443.html https://www.redhat.com/security/data/cve/CVE-2013-0444.html https://www.redhat.com/security/data/cve/CVE-2013-0445.html https://www.redhat.com/security/data/cve/CVE-2013-0446.html https://www.redhat.com/security/data/cve/CVE-2013-0448.html https://www.redhat.com/security/data/cve/CVE-2013-0449.html https://www.redhat.com/security/data/cve/CVE-2013-0450.html https://www.redhat.com/security/data/cve/CVE-2013-1473.html https://www.redhat.com/security/data/cve/CVE-2013-1475.html https://www.redhat.com/security/data/cve/CVE-2013-1476.html https://www.redhat.com/security/data/cve/CVE-2013-1478.html https://www.redhat.com/security/data/cve/CVE-2013-1479.html https://www.redhat.com/security/data/cve/CVE-2013-1480.html https://www.redhat.com/security/data/cve/CVE-2013-1489.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFREE70XlSAg2UNWIIRAl0aAJ9geHwpDX2Kb2LdBP3WSQxnPNr97gCgmyRY c2rbNUSIrrFwoG5d602o5QY= =Kt+4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce |
| var-201107-0102 | Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. Windows Run on Apple Safari of libxml There is one gap (Off-by-one) An error vulnerability exists. This vulnerability libxml Vulnerability. Apple Safari is prone to a remote code-execution vulnerability. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will crash the application. This issue affects Apple Safari versions prior to 5.1 and 5.0.6. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. CVE-2011-2821: A memory corruption (double free) bug has been identified in libxml2's XPath engine. Through it, it is possible to an attacker allows cause a denial of service or possibly have unspecified other impact. This vulnerability does not affect the oldstable distribution (lenny). CVE-2011-2834: Yang Dingning discovered a double free vulnerability related to XPath handling. CVE-2011-3905: An out-of-bounds read vulnerability had been discovered, which allows remote attackers to cause a denial of service. For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny5. For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze2. For the testing distribution (wheezy), this problem has been fixed in version 2.7.8.dfsg-7. For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-7. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 RELEASE DATE: 2011-07-22 DISCUSS ADVISORY: http://secunia.com/advisories/45325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error within CFNetwork when using the NTLM authentication protocol can be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page. 3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. This can lead to certificates signed by the disabled root certificates being validated. 4) An integer overflow error exists within the ColorSync component. For more information see vulnerability #6 in: SA45054 6) An integer overflow error exists in CoreGraphics. For more information see vulnerability #7 in: SA45054 7) An error exists within ICU (International Components for Unicode). For more information see vulnerability #11 in: SA45054 8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings. 10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 11) An error within libxslt can be exploited to disclose certain addresses from the heap. 13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page. 14) A cross-origin error when handling certain fonts in Java Applets can lead to certain text being displayed on other sites. 15) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files. 17) A cross-origin error when handling Web Workers can lead to certain information being disclosed. 18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 21) An error within the handling of RSS feeds may lead to arbitrary files from a user's system being sent to a remote server. 22) A weakness in WebKit can lead to remote DNS prefetching For more information see vulnerability #6 in: SA42312 23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page. 26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. The weakness and the vulnerabilities are reported in versions prior to 5.1 and 5.0.6. SOLUTION: Update to version 5.1 or 5.0.6. PROVIDED AND/OR DISCOVERED BY: 10) Juan Pablo Lopez Yacubian via iDefense 4) binaryproof via ZDI 8) Dominic Chell, NGS Secure 23, 25, 26) wushi, team509 via iDefense 24) Jose A. Vazquez via iDefense The vendor credits: 1) Hidetake Jo via Microsoft Vulnerability Research (MSVR) and Neal Poole, Matasano Security 2) Takehiro Takahashi, IBM X-Force Research 3) An anonymous reporter 5) Harry Sintonen 6) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 7) David Bienvenu, Mozilla 9) Cyril CATTIAUX, Tessi Technologies 11) Chris Evans, Google Chrome Security Team 12) Billy Rios, Google Security Team 13) Florian Rienhardt of BSI, Alex Lambert, and Jeremiah Grossman 14) Joshua Smith, Kaon Interactive 16) Nicolas Gregoire, Agarri 17) Daniel Divricean, divricean.ro 18) Jobert Abma, Online24 19) Sergey Glazunov 20) Jordi Chancel 21) Jason Hullinger 22) Mike Cardwell, Cardwell IT The vendor provides a bundled list of credits for vulnerabilities in #15: * David Weston, Microsoft and Microsoft Vulnerability Research (MSVR) * Yong Li, Research In Motion * SkyLined, Google Chrome Security Team * Abhishek Arya (Inferno), Google Chrome Security Team * Nikita Tarakanov and Alex Bazhanyuk, CISS Research Team * J23 via ZDI * Rob King via ZDI * wushi, team509 via ZDI * wushi of team509 * Adam Barth, Google Chrome Security Team * Richard Keen * An anonymous researcher via ZDI * Rik Cabanier, Adobe Systems * Martin Barbella * Sergey Glazunov * miaubiz * Andreas Kling, Nokia * Marek Majkowski via iDefense * John Knottenbelt, Google ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4808 iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-228/ NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The advisory will be updated when a patch is available. Summary VMware ESX updates to ESX Service Console. Relevant releases ESX 4.1 without patches ESX410-201204401-SG,ESX410-201204402-SG 3. Problem Description a. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201204401-SG ESX 4.0 ESX patch pending ** ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. ** Two of the three issues, CVE-2011-3191 and CVE-2011-4348, have already been addressed on ESX 4.0 in an earlier kernel patch. See VMSA-2012-0006 for details. b. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201204402-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESX 4.1 ------- ESX410-201204001 md5sum: 7994635547b375b51422b1a166c6e214 sha1sum: 9d5f3c9cbc53a9e03524b9bf0935c71f3dadf620 http://kb.vmware.com/kb/2013057 ESX410-201204001 contains ESX410-201204401-SG and ESX410-201204402-SG 5. Change log 2012-04-26 VMSA-2012-0008 Initial security advisory in conjunction with the release of patches for ESX 4.1 on 2012-04-26. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2012:0017-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0017.html Issue date: 2012-01-11 CVE Names: CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 ===================================================================== 1. Summary: Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. (CVE-2011-1944) Flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm x86_64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm x86_64: libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm ia64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.ia64.rpm ppc: libxml2-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.ppc.rpm s390x: libxml2-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.s390x.rpm x86_64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPDc8yXlSAg2UNWIIRAp0FAKCr3G8qJvCfqK4BJBzJsMWlSYXXFQCgxNs7 ZcFDHRyFhx22yjGNtU/I5SA= =FALM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4 Apple TV Software Update 4.4 is now available and addresses the following: Apple TV Available for: Apple TV 4.0 through 4.3 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted. Apple TV Available for: Apple TV 4.0 through 4.3 Impact: Support for X.509 certificates with MD5 hashes may expose users to spoofing and information disclosure as attacks improve Description: Certificates signed using the MD5 hash algorithm were accepted by iOS. This algorithm has known cryptographic weaknesses. Further research or a misconfigured certificate authority could have allowed the creation of X.509 certificates with attacker controlled values that would have been trusted by the system. This would have exposed X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. This update disables support for an X.509 certificate with an MD5 hash for any use other than as a trusted root certificate. CVE-ID CVE-2011-3427 Apple TV Available for: Apple TV 4.0 through 4.3 Impact: An attacker could decrypt part of a SSL connection Description: Only the SSLv3 and TLS 1.0 versions of SSL were supported. A man-in-the-middle attacker could have injected invalid data, causing the connection to close but revealing some information about the previous data. If the same connection was attempted repeatedly the attacker may eventually have been able to decrypt the data being sent, such as a password. This issue is addressed by adding support for TLS 1.2. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies Apple TV Available for: Apple TV 4.0 through 4.3 Impact: A remote attacker may cause a device reset Description: The kernel failed to promptly reclaim memory from incomplete TCP connections. An attacker with the ability to connect to a listening service on an iOS device could exhaust system resources. CVE-ID CVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders Apple TV Available for: Apple TV 4.0 through 4.3 Impact: An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team Apple TV Available for: Apple TV 4.0 through 4.3 Impact: An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in JavaScriptCore. CVE-ID CVE-2011-3232 : Aki Helin of OUSPG Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security |
| var-201211-0168 | Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a memory-corruption vulnerability. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Note: This issue was previously discussed in BID 56607 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-91 through -106 Multiple Vulnerabilities), but has been moved to its own record to better document it. Thunderbird is an email client that supports IMAP, POP email protocols, and HTML email formats. A remote attacker could exploit this vulnerability to execute arbitrary code through HTML documents. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51382 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51382/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51382 RELEASE DATE: 2012-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/51382/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51382/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51382 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox and Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA51358 SOLUTION: Update to version 10.0.11. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2012:1482-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1482.html Issue date: 2012-11-20 CVE Names: CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 ===================================================================== 1. Summary: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842) A buffer overflow flaw was found in the way Firefox handled GIF (Graphics Interchange Format) images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-4202) A flaw was found in the way the Style Inspector tool in Firefox handled certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web Developer -> Inspect) on malicious CSS could result in the execution of HTML and CSS content with chrome privileges. (CVE-2012-4210) A flaw was found in the way Firefox decoded the HZ-GB-2312 character encoding. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-4207) A flaw was found in the location object implementation in Firefox. Malicious content could possibly use this flaw to allow restricted content to be loaded by plug-ins. (CVE-2012-4209) A flaw was found in the way cross-origin wrappers were implemented. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-5841) A flaw was found in the evalInSandbox implementation in Firefox. Malicious content could use this flaw to perform cross-site scripting attacks. (CVE-2012-4201) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.11 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.11 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 877614 - CVE-2012-5842 Mozilla: Miscellaneous memory safety hazards (rv:10.0.11) (MFSA 2012-91) 877615 - CVE-2012-4202 Mozilla: Buffer overflow while rendering GIF images (MFSA 2012-92) 877616 - CVE-2012-4201 Mozilla: evalInSanbox location context incorrectly applied (MFSA 2012-93) 877628 - CVE-2012-5841 Mozilla: Improper security filtering for cross-origin wrappers (MFSA 2012-100) 877629 - CVE-2012-4207 Mozilla: Improper character decoding in HZ-GB-2312 charset (MFSA 2012-101) 877632 - CVE-2012-4209 Mozilla: Frames can shadow top.location (MFSA 2012-103) 877633 - CVE-2012-4210 Mozilla: CSS and HTML injection through Style Inspector (MFSA 2012-104) 877634 - CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5839 CVE-2012-5840 Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105) 877635 - CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-10.0.11-1.el5_8.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.11-1.el5_8.src.rpm i386: firefox-10.0.11-1.el5_8.i386.rpm firefox-debuginfo-10.0.11-1.el5_8.i386.rpm xulrunner-10.0.11-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.11-1.el5_8.i386.rpm x86_64: firefox-10.0.11-1.el5_8.i386.rpm firefox-10.0.11-1.el5_8.x86_64.rpm firefox-debuginfo-10.0.11-1.el5_8.i386.rpm firefox-debuginfo-10.0.11-1.el5_8.x86_64.rpm xulrunner-10.0.11-1.el5_8.i386.rpm xulrunner-10.0.11-1.el5_8.x86_64.rpm xulrunner-debuginfo-10.0.11-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.11-1.el5_8.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-10.0.11-1.el5_8.src.rpm i386: xulrunner-debuginfo-10.0.11-1.el5_8.i386.rpm xulrunner-devel-10.0.11-1.el5_8.i386.rpm x86_64: xulrunner-debuginfo-10.0.11-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.11-1.el5_8.x86_64.rpm xulrunner-devel-10.0.11-1.el5_8.i386.rpm xulrunner-devel-10.0.11-1.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-10.0.11-1.el5_8.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-10.0.11-1.el5_8.src.rpm i386: firefox-10.0.11-1.el5_8.i386.rpm firefox-debuginfo-10.0.11-1.el5_8.i386.rpm xulrunner-10.0.11-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.11-1.el5_8.i386.rpm xulrunner-devel-10.0.11-1.el5_8.i386.rpm ia64: firefox-10.0.11-1.el5_8.ia64.rpm firefox-debuginfo-10.0.11-1.el5_8.ia64.rpm xulrunner-10.0.11-1.el5_8.ia64.rpm xulrunner-debuginfo-10.0.11-1.el5_8.ia64.rpm xulrunner-devel-10.0.11-1.el5_8.ia64.rpm ppc: firefox-10.0.11-1.el5_8.ppc.rpm firefox-debuginfo-10.0.11-1.el5_8.ppc.rpm xulrunner-10.0.11-1.el5_8.ppc.rpm xulrunner-10.0.11-1.el5_8.ppc64.rpm xulrunner-debuginfo-10.0.11-1.el5_8.ppc.rpm xulrunner-debuginfo-10.0.11-1.el5_8.ppc64.rpm xulrunner-devel-10.0.11-1.el5_8.ppc.rpm xulrunner-devel-10.0.11-1.el5_8.ppc64.rpm s390x: firefox-10.0.11-1.el5_8.s390.rpm firefox-10.0.11-1.el5_8.s390x.rpm firefox-debuginfo-10.0.11-1.el5_8.s390.rpm firefox-debuginfo-10.0.11-1.el5_8.s390x.rpm xulrunner-10.0.11-1.el5_8.s390.rpm xulrunner-10.0.11-1.el5_8.s390x.rpm xulrunner-debuginfo-10.0.11-1.el5_8.s390.rpm xulrunner-debuginfo-10.0.11-1.el5_8.s390x.rpm xulrunner-devel-10.0.11-1.el5_8.s390.rpm xulrunner-devel-10.0.11-1.el5_8.s390x.rpm x86_64: firefox-10.0.11-1.el5_8.i386.rpm firefox-10.0.11-1.el5_8.x86_64.rpm firefox-debuginfo-10.0.11-1.el5_8.i386.rpm firefox-debuginfo-10.0.11-1.el5_8.x86_64.rpm xulrunner-10.0.11-1.el5_8.i386.rpm xulrunner-10.0.11-1.el5_8.x86_64.rpm xulrunner-debuginfo-10.0.11-1.el5_8.i386.rpm xulrunner-debuginfo-10.0.11-1.el5_8.x86_64.rpm xulrunner-devel-10.0.11-1.el5_8.i386.rpm xulrunner-devel-10.0.11-1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-10.0.11-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.11-1.el6_3.src.rpm i386: firefox-10.0.11-1.el6_3.i686.rpm firefox-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm x86_64: firefox-10.0.11-1.el6_3.i686.rpm firefox-10.0.11-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.11-1.el6_3.i686.rpm firefox-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-10.0.11-1.el6_3.i686.rpm xulrunner-10.0.11-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-10.0.11-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-devel-10.0.11-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-devel-10.0.11-1.el6_3.i686.rpm xulrunner-devel-10.0.11-1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-10.0.11-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-10.0.11-1.el6_3.src.rpm x86_64: firefox-10.0.11-1.el6_3.i686.rpm firefox-10.0.11-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.11-1.el6_3.i686.rpm firefox-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-10.0.11-1.el6_3.i686.rpm xulrunner-10.0.11-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-devel-10.0.11-1.el6_3.i686.rpm xulrunner-devel-10.0.11-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-10.0.11-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.11-1.el6_3.src.rpm i386: firefox-10.0.11-1.el6_3.i686.rpm firefox-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm ppc64: firefox-10.0.11-1.el6_3.ppc.rpm firefox-10.0.11-1.el6_3.ppc64.rpm firefox-debuginfo-10.0.11-1.el6_3.ppc.rpm firefox-debuginfo-10.0.11-1.el6_3.ppc64.rpm xulrunner-10.0.11-1.el6_3.ppc.rpm xulrunner-10.0.11-1.el6_3.ppc64.rpm xulrunner-debuginfo-10.0.11-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.11-1.el6_3.ppc64.rpm s390x: firefox-10.0.11-1.el6_3.s390.rpm firefox-10.0.11-1.el6_3.s390x.rpm firefox-debuginfo-10.0.11-1.el6_3.s390.rpm firefox-debuginfo-10.0.11-1.el6_3.s390x.rpm xulrunner-10.0.11-1.el6_3.s390.rpm xulrunner-10.0.11-1.el6_3.s390x.rpm xulrunner-debuginfo-10.0.11-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.11-1.el6_3.s390x.rpm x86_64: firefox-10.0.11-1.el6_3.i686.rpm firefox-10.0.11-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.11-1.el6_3.i686.rpm firefox-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-10.0.11-1.el6_3.i686.rpm xulrunner-10.0.11-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-10.0.11-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-devel-10.0.11-1.el6_3.i686.rpm ppc64: xulrunner-debuginfo-10.0.11-1.el6_3.ppc.rpm xulrunner-debuginfo-10.0.11-1.el6_3.ppc64.rpm xulrunner-devel-10.0.11-1.el6_3.ppc.rpm xulrunner-devel-10.0.11-1.el6_3.ppc64.rpm s390x: xulrunner-debuginfo-10.0.11-1.el6_3.s390.rpm xulrunner-debuginfo-10.0.11-1.el6_3.s390x.rpm xulrunner-devel-10.0.11-1.el6_3.s390.rpm xulrunner-devel-10.0.11-1.el6_3.s390x.rpm x86_64: xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-devel-10.0.11-1.el6_3.i686.rpm xulrunner-devel-10.0.11-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-10.0.11-1.el6_3.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.11-1.el6_3.src.rpm i386: firefox-10.0.11-1.el6_3.i686.rpm firefox-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm x86_64: firefox-10.0.11-1.el6_3.i686.rpm firefox-10.0.11-1.el6_3.x86_64.rpm firefox-debuginfo-10.0.11-1.el6_3.i686.rpm firefox-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-10.0.11-1.el6_3.i686.rpm xulrunner-10.0.11-1.el6_3.x86_64.rpm xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-10.0.11-1.el6_3.src.rpm i386: xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-devel-10.0.11-1.el6_3.i686.rpm x86_64: xulrunner-debuginfo-10.0.11-1.el6_3.i686.rpm xulrunner-debuginfo-10.0.11-1.el6_3.x86_64.rpm xulrunner-devel-10.0.11-1.el6_3.i686.rpm xulrunner-devel-10.0.11-1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-4201.html https://www.redhat.com/security/data/cve/CVE-2012-4202.html https://www.redhat.com/security/data/cve/CVE-2012-4207.html https://www.redhat.com/security/data/cve/CVE-2012-4209.html https://www.redhat.com/security/data/cve/CVE-2012-4210.html https://www.redhat.com/security/data/cve/CVE-2012-4214.html https://www.redhat.com/security/data/cve/CVE-2012-4215.html https://www.redhat.com/security/data/cve/CVE-2012-4216.html https://www.redhat.com/security/data/cve/CVE-2012-5829.html https://www.redhat.com/security/data/cve/CVE-2012-5830.html https://www.redhat.com/security/data/cve/CVE-2012-5833.html https://www.redhat.com/security/data/cve/CVE-2012-5835.html https://www.redhat.com/security/data/cve/CVE-2012-5839.html https://www.redhat.com/security/data/cve/CVE-2012-5840.html https://www.redhat.com/security/data/cve/CVE-2012-5841.html https://www.redhat.com/security/data/cve/CVE-2012-5842.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQrAQhXlSAg2UNWIIRAoZOAKCKhpGeDkpysgcRxl8aukbRupko8wCgpSj5 sb5bZvy6STTsMSr7lG2E8nQ= =N5l8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Note: All issues except CVE-2012-4202 cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11" All users of the Mozilla Firefox binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"= All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11" All users of the Mozilla Thunderbird binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11" All Mozilla SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1" All users of the Mozilla SeaMonkey binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14" All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14" The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package: # emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11" The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package: # emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"= The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package: # emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11" The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package: # emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11" Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: # emerge --unmerge "www-client/icecat" Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: # emerge --unmerge "net-libs/xulrunner" Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: # emerge --unmerge "net-libs/xulrunner-bin" References ========== [ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201301-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 |
| var-201207-0279 | ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. Juniper Networks Juniper Junos is a network operating system dedicated to the company's hardware systems by Juniper Networks. The operating system provides a secure programming interface and the Junos SDK. A remote denial of service vulnerability exists in Juniper Networks Junos. Attackers can use this vulnerability to exhaust session resources and deny legitimate users. ISC BIND is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an assertion failure in the 'named' process, denying service to legitimate users. This issue may also be exploited to disclose certain memory information to clients. The following versions are affected: BIND 9.6-ESV-R1 through versions 9.6-ESV-R7-P1 BIND 9.7.1 through versions 9.7.6-P1 BIND 9.8.0 through versions 9.8.3-P1 BIND 9.9.0 through versions 9.9.1-P1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:05.bind Security Advisory The FreeBSD Project Topic: named(8) DNSSEC validation Denial of Service Category: contrib Module: bind Announced: 2012-08-06 Credits: Einar Lonn of IIS.se Affects: All supported versions of FreeBSD Corrected: 2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE) 2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10) 2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE) 2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4) 2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10) 2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13) 2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE) 2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4) CVE Name: CVE-2012-3817 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. DNS Security Extensions (DNSSEC) provides data integrity, origin authentication and authenticated denial of existence to resolvers. II. Problem Description BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. III. IV. Workaround No workaround is available, but systems not running the BIND resolving name server with dnssec-validation enabled are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 8.2, 8.1 and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch # fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/bind/dns # make obj && make depend && make && make install # cd /usr/src/usr.sbin/named # make obj && make depend && make && make install 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 4) Install and run BIND from the Ports Collection after the correction date. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.11 RELENG_7_4 src/UPDATING 1.507.2.36.2.12 src/sys/conf/newvers.sh 1.72.2.18.2.15 src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.8.2.1 RELENG_8 src/contrib/bind9/CHANGES 1.9.2.15 src/contrib/bind9/lib/dns/resolver.c 1.3.2.6 src/contrib/bind9/lib/dns/zone.c 1.6.2.10 src/contrib/bind9/lib/isc/random.c 1.2.2.4 src/contrib/bind9/version 1.9.2.15 RELENG_8_3 src/UPDATING 1.632.2.26.2.6 src/sys/conf/newvers.sh 1.83.2.15.2.8 src/contrib/bind9/lib/dns/resolver.c 1.6.2.7.2.1 RELENG_8_2 src/UPDATING 1.632.2.19.2.12 src/sys/conf/newvers.sh 1.83.2.12.2.15 src/contrib/bind9/lib/dns/resolver.c 1.6.2.4.2.1 RELENG_8_1 src/UPDATING 1.632.2.14.2.16 src/sys/conf/newvers.sh 1.83.2.10.2.17 src/contrib/bind9/lib/dns/resolver.c 1.6.2.3.2.1 RELENG_9 src/contrib/bind9/CHANGES 1.21.2.5 src/contrib/bind9/lib/dns/resolver.c 1.15.2.3 src/contrib/bind9/lib/dns/zone.c 1.7.2.3 src/contrib/bind9/version 1.21.2.5 RELENG_9_0 src/UPDATING 1.702.2.4.2.6 src/sys/conf/newvers.sh 1.95.2.4.2.8 src/contrib/bind9/lib/dns/resolver.c 1.15.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r239108 releng/7.4/ r239108 stable/8/ r238749 releng/8.3/ r239108 releng/8.2/ r239108 releng/8.1/ r239108 stable/9/ r238756 releng/9.0/ r239108 - ------------------------------------------------------------------------- VII. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQFQ2WmqjQ0CJFipgRAkVJAJ9KLXj4zSnbK0m1ZT4guP/FR3EX5ACfbMVz diUeg4S2X8hu9gy471E6t/s= =VSOb -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi ---------------------------------------------------------------------- TITLE: ISC BIND Bad Cache Assertion Failure and TCP Query Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA50020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50020 RELEASE DATE: 2012-07-25 DISCUSS ADVISORY: http://secunia.com/advisories/50020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). Successful exploitation of this vulnerability requires that DNSSEC validation is enabled. 2) A memory leak error when processing TCP queries can be exploited to increase the number of misplaced ns_client objects and trigger an out-of-memory condition. SOLUTION: Update to version 9.9.1-P2, 9.8.3-P2, 9.7.6-P2, or 9.6-ESV-R7-P2. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Einar Lonn, IIS.se 2) Kevin Sheehan, Infoblox, Inc. and Anand Buddhdev, RIPE NCC. ORIGINAL ADVISORY: https://www.isc.org/software/aftr/advisories/cve-2012-3817 https://www.isc.org/software/bind/advisories/cve-2012-3868 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2012:1123-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1123.html Issue date: 2012-07-31 CVE Names: CVE-2012-3817 ===================================================================== 1. Summary: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. (CVE-2012-3817) Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 842897 - CVE-2012-3817 bind: heavy DNSSEC validation load can cause assertion failure 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.2.i386.rpm bind-utils-9.3.6-20.P1.el5_8.2.i386.rpm x86_64: bind-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-chroot-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.i386.rpm x86_64: bind-chroot-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.2.src.rpm i386: bind-9.3.6-20.P1.el5_8.2.i386.rpm bind-chroot-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.2.i386.rpm bind-utils-9.3.6-20.P1.el5_8.2.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.i386.rpm ia64: bind-9.3.6-20.P1.el5_8.2.ia64.rpm bind-chroot-9.3.6-20.P1.el5_8.2.ia64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ia64.rpm bind-devel-9.3.6-20.P1.el5_8.2.ia64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ia64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.ia64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.ia64.rpm bind-utils-9.3.6-20.P1.el5_8.2.ia64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.ia64.rpm ppc: bind-9.3.6-20.P1.el5_8.2.ppc.rpm bind-chroot-9.3.6-20.P1.el5_8.2.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-devel-9.3.6-20.P1.el5_8.2.ppc.rpm bind-devel-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ppc.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-libs-9.3.6-20.P1.el5_8.2.ppc.rpm bind-libs-9.3.6-20.P1.el5_8.2.ppc64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.ppc.rpm bind-utils-9.3.6-20.P1.el5_8.2.ppc.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.ppc.rpm s390x: bind-9.3.6-20.P1.el5_8.2.s390x.rpm bind-chroot-9.3.6-20.P1.el5_8.2.s390x.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.s390.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.s390x.rpm bind-devel-9.3.6-20.P1.el5_8.2.s390.rpm bind-devel-9.3.6-20.P1.el5_8.2.s390x.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.s390.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.s390x.rpm bind-libs-9.3.6-20.P1.el5_8.2.s390.rpm bind-libs-9.3.6-20.P1.el5_8.2.s390x.rpm bind-sdb-9.3.6-20.P1.el5_8.2.s390x.rpm bind-utils-9.3.6-20.P1.el5_8.2.s390x.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.s390x.rpm x86_64: bind-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-chroot-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.2.i386.rpm bind-libs-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.2.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.2.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm ppc64: bind-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm s390x: bind-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.s390x.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm ppc64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.ppc.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.s390.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.s390x.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.2.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3817.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2012-3817 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQF1jgXlSAg2UNWIIRAhfLAKC7IA3Vlbw8YTJSpY/DfKn7S81tIgCgq/b2 7PGAy2HFq2b2y+ASSTx67k0= =uM7c -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-1518-1 July 26, 2012 bind9 vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Bind could be made to crash if it received specially crafted network traffic. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libdns81 1:9.8.1.dfsg.P1-4ubuntu0.2 Ubuntu 11.10: libdns69 1:9.7.3.dfsg-1ubuntu4.3 Ubuntu 11.04: libdns69 1:9.7.3.dfsg-1ubuntu2.5 Ubuntu 10.04 LTS: libdns64 1:9.7.0.dfsg.P1-1ubuntu0.6 In general, a standard system update will make all the necessary changes |
| var-202408-0012 | A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. Siemens' omnivise t3000 application server Exists in a past traversal vulnerability.Information may be obtained. Omnivise T3000 is a distributed control system used in fossil fuel and large renewable energy power plants |
| var-201903-0417 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. WebKit is prone to multiple memory-corruption vulnerabilities. A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 12.1.3; Safari prior to 12.0.3; tvOS prior to 12.1.2; watchOS 5.1.3; Windows-based iCloud prior to 7.10. Installation note: Safari 12.0.3 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 14, 2019 Bugs: #672108, #674702, #678334 ID: 201903-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.22.6 >= 2.22.6 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6" References ========== [ 1 ] CVE-2019-6212 https://nvd.nist.gov/vuln/detail/CVE-2019-6212 [ 2 ] CVE-2019-6215 https://nvd.nist.gov/vuln/detail/CVE-2019-6215 [ 3 ] CVE-2019-6216 https://nvd.nist.gov/vuln/detail/CVE-2019-6216 [ 4 ] CVE-2019-6217 https://nvd.nist.gov/vuln/detail/CVE-2019-6217 [ 5 ] CVE-2019-6226 https://nvd.nist.gov/vuln/detail/CVE-2019-6226 [ 6 ] CVE-2019-6227 https://nvd.nist.gov/vuln/detail/CVE-2019-6227 [ 7 ] CVE-2019-6229 https://nvd.nist.gov/vuln/detail/CVE-2019-6229 [ 8 ] CVE-2019-6233 https://nvd.nist.gov/vuln/detail/CVE-2019-6233 [ 9 ] CVE-2019-6234 https://nvd.nist.gov/vuln/detail/CVE-2019-6234 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-12 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-1-22-1 iOS 12.1.3 iOS 12.1.3 is now available and addresses the following: AppleKeyStore Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-6235: Brandon Azad Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-6200: an anonymous researcher Core Media Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6202: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6221: Fluoroacetate working with Trend Micro's Zero Day Initiative CoreAnimation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team CoreAnimation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan Team FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-6224: Natalie Silvanovich of Google Project Zero IOKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A type confusion issue was addressed with improved memory handling. CVE-2019-6214: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved validation. CVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of Qihoo 360 Vulcan Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6210: Ned Williamson of Google Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory corruption issue was addressed with improved lock state checking. CVE-2019-6205: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-6213: Ian Beer of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6209: Brandon Azad of Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may cause unexpected changes in memory shared between processes Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-6208: Jann Horn of Google Project Zero Keyboard Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Password autofill may fill in passwords after they were manually cleared Description: An issue existed with autofill resuming after it was canceled. CVE-2019-6206: Sergey Pershenkov libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-6218: Ian Beer of Google Project Zero Natural Language Processing Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2019-6219: Authier Thomas Safari Reader Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. CVE-2019-6228: Ryan Pickren (ryanpickren.com) SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-20346: Tencent Blade Team CVE-2018-20505: Tencent Blade Team CVE-2018-20506: Tencent Blade Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6229: Ryan Pickren (ryanpickren.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia Tech CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team CVE-2019-6226: Apple WebRTC Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-6211: Georgi Geshev (@munmap), Fabi Beterke (@pwnfl4k3s), and Rob Miller (@trotmaster99) of MWR Labs (@mwrlabs) working with Trend Micro's Zero Day Initiative Additional recognition mDNSResponder We would like to acknowledge Fatemah Alharbi of University of California, Riverside (UCR) and Taibah University (TU), Feng Qian of University of Minnesota - Twin City, Jie Chang of LinkSure Network, Nael Abu-Ghazaleh of University of California, Riverside (UCR), Yuchen Zhou of Northeastern University, and Zhiyun Qian of University of California, Riverside (UCR) for their assistance. Safari Reader We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance. WebKit We would like to acknowledge James Lee (@Windowsrcer) of Kryptos Logic for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.1.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSwpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3GA0RAA l3Yft6CRTyGtLyqIanBFP4sMtaxlIP44Y0+gPIf59DhZ7bzuy3s+cjnUJAxrqBC+ NAqrNur5x8OVBIS7T65njvccD7e7uGWBZfeEbMdplT5aK3AvRuW7MyXEo3nZu3dx gMRsubjQmwOnMB3Taxj0a6y2jvLU9DA7IfVyKb7ReCz3wv5KPb4BxLvbHwaMrbsJ SBETrGYMn4awTSmUs/IQTDECOzRLyicQnY44afDL/K9n/oB59VQm5ZUPDj9ofeQN UQsD7XVH19eI99N+uNQ+07GCqQ6++qe+kGVi2RR7HERt3wd4mnV895f6UvhlUjlU K1tY68ZuDNPZ54GJfniFI0OCYfcd5rYsPTnOt11heFnWfG+nnm2r+3BEh60RW5lW ONeyQ3ScubgMV2Teo3G0tWf9BGvKAI+qXbFuzkAMAucB+f7Oj06WDGhYPEAQZ8KR xLSb6nyfihQA6Bz4KbfppKC7I2GuyF6rl5iz+VBPHId7yaF0jxjEiJEF7RbLhbeg k7x8vJrKLR7hAs4AWCq69ZQ6VvmKLdgSNNCcbJIQNPCYtGabOP7xl4piDw4b46wq /LR6UNrYdf/U3hljPfKIBn+0e1EITcKHfUu85MyHftanF1JFYNp03eFJT5ouyMRt LD5C8YOX6VcEwCQqUpKmJD9wWwUehRhEiEffGkR+xSY=Jb8S -----END PGP SIGNATURE----- |
| var-200609-0310 | Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows. Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI. Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed. The risk rating for these issues is medium. _________________________________________________ * Vulnerable Systems QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below _________________________________________________ * Vulnerability Information CVE-2006-4382 Two buffer overflow vulnerabilities are present in QuickTime MOV format support. CVE-2006-4384 On heap overflow vulnerability is present in QuickTime FLC format support. CVE-2006-4385 One buffer overflow vulnerability is present in QuickTime SGI format support. CVE-2006-4386 One buffer overflow vulnerability is present in QuickTime MOV H.264 format support. CVE-2006-4388 One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support. CVE-2006-4389 One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support. _________________________________________________ * Resolution Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows. Further information is available at: http://docs.info.apple.com/article.html?artnum=304357 _________________________________________________ * Credits These vulnerabilities were discovered by Mike Price of McAfee Avert Labs. _________________________________________________ * Legal Notice Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. Best regards, Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code. Background ========== Win32 binary codecs provide support for video and audio playback. Workaround ========== There is no known workaround at this time. Resolution ========== All Win32 binary codecs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2" Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback. References ========== [ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ |
| var-201211-0365 | Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. Adobe Flash Player Contains a buffer overflow vulnerability. This vulnerability CVE-2012-5274 , CVE-2012-5276 , CVE-2012-5277 ,and CVE-2012-5280 Is a different vulnerability.An attacker could execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. Note: This issue was previously covered in BID 56412 (Adobe Flash Player and AIR APSB12-24 Multiple Security Vulnerabilities) but has been given its own record to better document it. The product enables viewing of applications, content and video across screens and browsers. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51210 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51210 RELEASE DATE: 2012-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/51210/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51210/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51210 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA51213 2) An integer overflow error exists in WebP handling. 3) An error in v8 can be exploited to cause an out-of-bounds array access. 4) A use-after-free error exists in SVG filter handling. 5) An error exists related to integer boundary checks within GPU command buffers. 6) A use-after-free error exists in video layout handling. 7) An error exists related to inappropriate loading of SVG subresource in "img" context. 8) A race condition error exists in Pepper buffer handling. 9) A type casting error exists in certain input handling. 10) An error in Skia can be exploited to cause an out-of-bounds read. 11) An error in texture handling can be exploited to corrupt memory. 12) A use-after-free error exists in extension tab handling. 13) A use-after-free error exists in plug-in placeholder handling. 14) An error in v8 can be exploited to corrupt memory. SOLUTION: Upgrade to version 23.0.1271.64. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Phil Turnbull 3, 6) Atte Kettunen, OUSPG. 4, 5) miaubiz 7) Felix Gr\xf6bert, Google Security Team 8) Fermin Serna, Google Security Team 9, 10, 13) Inferno, Google Chrome Security Team 11) Al Patrick, Chromium development community 12) Alexander Potapenko, Chromium development community 14) Cris Neckar, Google Chrome Security Team ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.dk/2012/11/stable-channel-release-and-beta-channel.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:1431-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1431.html Issue date: 2012-11-07 CVE Names: CVE-2012-5274 CVE-2012-5275 CVE-2012-5276 CVE-2012-5277 CVE-2012-5278 CVE-2012-5279 CVE-2012-5280 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-24, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 873818 - flash-plugin: multiple code-execution flaws (APSB12-24) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.251-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.251-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.251-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.251-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.251-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.251-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.251-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.251-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.251-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.251-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5274.html https://www.redhat.com/security/data/cve/CVE-2012-5275.html https://www.redhat.com/security/data/cve/CVE-2012-5276.html https://www.redhat.com/security/data/cve/CVE-2012-5277.html https://www.redhat.com/security/data/cve/CVE-2012-5278.html https://www.redhat.com/security/data/cve/CVE-2012-5279.html https://www.redhat.com/security/data/cve/CVE-2012-5280.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-24.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQmiFjXlSAg2UNWIIRAi97AKClBeUc3AMPcWNkYfME6ndKJqg18ACdGuPH wmLm/s5nqgvfyTp8wUW9wVE= =fVdJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . 7) Eduardo Vela Nava, Google Security Team |
| var-202006-1807 | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An input validation error vulnerability exists in Perl versions prior to 5.30.3. The vulnerability is caused by the program's incorrect handling of the \"PL_regkind[OP(n)] == NOTHING\" case. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bug Fix(es): * [perl-net-ping] wrong return value on failing DNS name lookup (BZ#1973177) 4. ========================================================================= Ubuntu Security Notice USN-4602-2 October 27, 2020 perl vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Perl. Software Description: - perl: Practical Extraction and Report Language Details: USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm3 Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.11 In general, a standard system update will make all the necessary changes. Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of Django to address CVE-2021-3281. * Upgraded to a more recent version of autobahn to address CVE-2020-35678. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7. * Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions. * Fixed several issues related to how Tower rotates its log files. * Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales. * Fixed a bug which can cause unanticipated delays in certain playbook output. * Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data. * Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected. * Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified. * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:1266-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1266 Issue date: 2021-04-20 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ===================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543) * perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878) * perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1837975 - CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS 1837988 - CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS 1838000 - CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS 1938673 - perl-5.26.3-416.el8 FTBFS: ../cpan/Time-Local/t/Local.t test fails in year 2020 [rhel-7.4.z] 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: perl-5.16.3-292.el7_4.2.src.rpm noarch: perl-CPAN-1.9800-292.el7_4.2.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm x86_64: perl-5.16.3-292.el7_4.2.x86_64.rpm perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm perl-core-5.16.3-292.el7_4.2.x86_64.rpm perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-devel-5.16.3-292.el7_4.2.i686.rpm perl-devel-5.16.3-292.el7_4.2.x86_64.rpm perl-libs-5.16.3-292.el7_4.2.i686.rpm perl-libs-5.16.3-292.el7_4.2.x86_64.rpm perl-macros-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: perl-5.16.3-292.el7_4.2.src.rpm noarch: perl-CPAN-1.9800-292.el7_4.2.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm ppc64le: perl-5.16.3-292.el7_4.2.ppc64le.rpm perl-Time-Piece-1.20.1-292.el7_4.2.ppc64le.rpm perl-core-5.16.3-292.el7_4.2.ppc64le.rpm perl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm perl-devel-5.16.3-292.el7_4.2.ppc64le.rpm perl-libs-5.16.3-292.el7_4.2.ppc64le.rpm perl-macros-5.16.3-292.el7_4.2.ppc64le.rpm x86_64: perl-5.16.3-292.el7_4.2.x86_64.rpm perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm perl-core-5.16.3-292.el7_4.2.x86_64.rpm perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-devel-5.16.3-292.el7_4.2.i686.rpm perl-devel-5.16.3-292.el7_4.2.x86_64.rpm perl-libs-5.16.3-292.el7_4.2.i686.rpm perl-libs-5.16.3-292.el7_4.2.x86_64.rpm perl-macros-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: perl-5.16.3-292.el7_4.2.src.rpm noarch: perl-CPAN-1.9800-292.el7_4.2.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm x86_64: perl-5.16.3-292.el7_4.2.x86_64.rpm perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm perl-core-5.16.3-292.el7_4.2.x86_64.rpm perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-devel-5.16.3-292.el7_4.2.i686.rpm perl-devel-5.16.3-292.el7_4.2.x86_64.rpm perl-libs-5.16.3-292.el7_4.2.i686.rpm perl-libs-5.16.3-292.el7_4.2.x86_64.rpm perl-macros-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-tests-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: perl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm perl-tests-5.16.3-292.el7_4.2.ppc64le.rpm x86_64: perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-tests-5.16.3-292.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm perl-tests-5.16.3-292.el7_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH7PTtzjgjWX9erEAQg5Rg//XzoyzGoFRn5v3JT/1ZxNTBxZ+2SbVWnf MVMm5qt1Lkk8s/0DQnvJPKQaHc5yISwGIZChNZe4FxaxSfsn7nvH88d38Xpwht8q QsmKGPEyYmb9qvMbCpjFV6+T1ggaMvfikeFTCe49Kx3H/dDMKPXYvZqL9VtjbKKc Bf0G2fJkhCaEFeFksHZShu2tofoVaHeN/RkwoQrK2HWqb8emlEY5aTtdx3znzSwV Vg3l3sGJ4eDKLz8sWvUJtkkljM/uTM0klbbseyl6duBdFzzSegnn6dMcWLsntADr PgmyL5WMI7lLfJoBwK0m7D45HfCaVMVMp9dQdr5RE+IO+DXUQf9plEhKCIuPBiii aMugog1BamqQUHSYBwyhUOGjyT51SJHg+uVbvYzrQRM8v9YFDgYyliCiqJQmlik7 kq6Jmytn3AkrGQWCJy5TALvNnM59TDTM9IiBNHZ2iA3g59U2a6KZvYFgyT6JZ7rJ FEdgxtMdCLGXIS/aAeq9kiU+Jg4a3RN8gPhGiE39WACtvQ8QWs3GrYDVxlSF6eXg rzXOA6UYyTICfhT4JKb54bkH1MzR7hRaMX0UqnAF4gsPgduEmMdwSpB+5e1q/XIr tRH/FrGPdB/aTo19Pk6u3SQxgpYXQf+SpFiSpxvwsVaSNKGgm3eh3soNuXCCKfpf qTMMs3KSLLM= =1/yn -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce |
| var-201912-0649 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of GraphicsContext objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKit is prone to the following security vulnerabilities: 1. Multiple cross-site scripting vulnerabilities 2. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. The following products and versions are affected: Apple iOS prior to 12.4; Windows-based iTunes prior to 12.9.6; tvOS prior to 12.4; Safari prior to 12.1.2; Windows-based iCloud prior to 7.13 and 10.6; macOS Versions prior to Mojave 10.14.6. For the stable distribution (buster), these problems have been fixed in version 2.24.4-1~deb10u1. We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004 ------------------------------------------------------------------------ Date reported : August 29, 2019 Advisory ID : WSA-2019-0004 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0004.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0004.html CVE identifiers : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690. CVE-2019-8644 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to G. Geshev working with Trend Micro's Zero Day Initiative. CVE-2019-8649 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero. A logic issue existed in the handling of synchronous page loads. CVE-2019-8658 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to akayn working with Trend Micro's Zero Day Initiative. CVE-2019-8666 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2019-8669 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to akayn working with Trend Micro's Zero Day Initiative. CVE-2019-8671 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Apple. CVE-2019-8672 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Samuel Groß of Google Project Zero. CVE-2019-8673 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Soyeon Park and Wen Xu of SSLab at Georgia Tech. CVE-2019-8676 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Soyeon Park and Wen Xu of SSLab at Georgia Tech. CVE-2019-8677 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Jihui Lu of Tencent KeenLab. CVE-2019-8678 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to an anonymous researcher, Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation. CVE-2019-8679 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Jihui Lu of Tencent KeenLab. CVE-2019-8680 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Jihui Lu of Tencent KeenLab. CVE-2019-8681 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8683 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. CVE-2019-8684 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. CVE-2019-8686 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev working with Trend Micro's Zero Day Initiative. CVE-2019-8687 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Apple. CVE-2019-8688 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Insu Yun of SSLab at Georgia Tech. CVE-2019-8689 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. CVE-2019-8690 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero. A logic issue existed in the handling of document loads. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. The WebKitGTK and WPE WebKit team, August 29, 2019 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 tvOS 12.4 addresses the following: Bluetooth Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Core Data Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero Core Data Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero FaceTime Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Foundation Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Heimdal Available for: Apple TV 4K and Apple TV HD Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst libxslt Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Profiles Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to restrict access to websites Description: A validation issue existed in the entitlement verification. CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Carabaș and Răzvan Deaconescu of University POLITEHNICA of Bucharest Quick Look Available for: Apple TV 4K and Apple TV HD Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Siri Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero UIFoundation Available for: Apple TV 4K and Apple TV HD Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative CVE-2019-8687: Apple CVE-2019-8688: Insu Yun of SSLab at Georgia Tech CVE-2019-8689: lokihardt of Google Project Zero Additional recognition Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HyXxAA mG4VzHLTPDCtd3eXkDjN34xahbSiqapl+dcRPoJ4V8yTq2ZM7D+/6Ls4pRD/3oid 46YJfRDaH2J5kufrdYledP0fRXWZoi97tjfgewmP7qKJeftc/9y2qDqBPjnFzHxo 40BZaeVZjupKXyrPlT/Wy8kLZnBtufaEiwbrwkmR05hTuvP6MrQB9gC/YdQnVLTZ 8X7Rd9gIcTPl1cQ9lPvFRSxThsQMzQH69/amMYAhUfwuocn8GbVshVj8LNw7Ie2K pNUqt/UuB+DhQfUTHAlNezVcuWGUWVELkCuF6xv5oy6Z8bbyClOnYmZUmV+Nhqe+ gHmUUGMlhVuJme1mf20eapB+bHX8eXzxC99ScVymHym459V9N2NpGKDQmh3Pb1Cg OYMe7xyA7ckc8upqEl9WI+yyrRjlvuUUPXinmdldXnl0GFRfJfwbzsuoaQylIViE CKd8oOpzcG/dU8FiRYp5vzW9H/LMOTLK2Q1zX5dDhK2V6J/yYfqemnSOEvHhYD5g 08Wm7GaY2kpPqmJ1Vvbtzh9+5AVTNRxpP38xJJde1G8rSUgXs+MkxAh5n6cv+pr/ xpGVpPNsO1uKeRzXjbkTERxH2r8q548caRgKEn6OoOGWhXm6O4YDzopkM6tbe8p1 yIawhwh3AST6+peshxryiatYNsHunnvjpYc72UDiuBU= =KPlq -----END PGP SIGNATURE----- |
| var-202202-0101 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. Security fixes: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630 golang: io/fs: stack exhaustion in Glob * CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working * CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 3. Bugs fixed (https://bugzilla.redhat.com/): 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 5. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2115198 - build ceph containers for RHCS 5.2 release 5. The updated image includes bug fixes and feature improvements. New Features: * New RHACS dashboard and widgets * New default policy for privilege escalation: detects if a deployment is running with a container that has allowPrivilegeEscalation set to true. This policy is enabled by default. The privilege escalation setting is enabled in Kubernetes pods by default. * New default policy for externally exposed service: detects if a deployment has any service that is externally exposed through any methods. The policy is disabled by default. * Ability to assign multiple RHACS roles to users and groups: Allows you to assign multiple roles using key-value pairs to a single user or group. * List of network policies in Deployment tab for violations: A new information section has been added to help resolve a "missing Kubernetes network policy" violation that lists all the Kubernetes network policies applicable to the namespace of the offending deployment. * Alpine 3.16 support for Scanner Enhancements: * Change to roxctl image scan behavior: The default value for the - --include-snoozed option of the roxctl image scan command is set to false. If the --include-snoozed option is set to false, the scan does not include snoozed CVEs. * Diagnostic bundles update: These now include notifiers, auth providers and auth provider groups, access control roles with attached permission set and access scope, and system configuration information. Users with the DebugLogs permission can read listed entities from a generated diagnostic bundle regardless of their respective permissions. * Align OCP4-CIS scanning benchmarks control numbers: The CIS control number has been added to compliance scan results to enable customers to reference the original control from the CIS benchmark standard. Notable technical changes: * eBPF is now the default collection method: Updated the default collection method for Collector to eBPF. Deprecated features: * RenamePolicyCategory and DeletePolicyCategory API endpoints * Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User, Indicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken, BackupPlugins, ImageIntegration, Notifier, SignatureIntegration, ImageComponent * Retrieving groups by property * vulns fields of storage.Node object in response payload of v1/nodes * /v1/cves/suppress and /v1/cves/unsuppress Removed features: * Anchore, Tenable, and Docker Trusted Registry integrations * External authorization plug-in for scoped access control * FROM option in the Disallowed Dockerfile line policy field * PodSecurityPolicy (PSP) Kubernetes objects 3. Solution: To take advantage of the new features, bug fixes, and enhancements in RHACS 3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2082400 - CVE-2022-29173 go-tuf: No protection against rollback attacks for roles other than root 5. JIRA issues fixed (https://issues.jboss.org/): ROX-11898 - Release RHACS 3.71.0 6. Bugs fixed (https://bugzilla.redhat.com/): 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2536 - Setting up ODF S3 for loki LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator LOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image ` LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http' LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards. LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle. LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image 6. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: Expat is a C library for parsing XML documents. Package List: Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.11.0 bug fix and security update Advisory ID: RHSA-2022:5069-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:5069 Issue date: 2022-08-10 CVE Names: CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-17541 CVE-2020-19131 CVE-2020-24370 CVE-2020-28493 CVE-2020-35492 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 CVE-2021-3481 CVE-2021-3580 CVE-2021-3634 CVE-2021-3672 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3737 CVE-2021-4115 CVE-2021-4156 CVE-2021-4189 CVE-2021-20095 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-23566 CVE-2021-23648 CVE-2021-25219 CVE-2021-31535 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38185 CVE-2021-38593 CVE-2021-40528 CVE-2021-41190 CVE-2021-41617 CVE-2021-42771 CVE-2021-43527 CVE-2021-43818 CVE-2021-44225 CVE-2021-44906 CVE-2022-0235 CVE-2022-0778 CVE-2022-1012 CVE-2022-1215 CVE-2022-1271 CVE-2022-1292 CVE-2022-1586 CVE-2022-1621 CVE-2022-1629 CVE-2022-1706 CVE-2022-1729 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24903 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-26691 CVE-2022-26945 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737 CVE-2022-29162 CVE-2022-29810 CVE-2022-29824 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 CVE-2022-32250 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2022:5068 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Security Fix(es): * go-getter: command injection vulnerability (CVE-2022-26945) * go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321) * go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322) * go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * sanitize-url: XSS (CVE-2021-23648) * minimist: prototype pollution (CVE-2021-44906) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64 The image digest is sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4 (For aarch64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-aarch64 The image digest is sha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-s390x The image digest is sha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le The image digest is sha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1817075 - MCC & MCO don't free leader leases during shut down -> 10 minutes of leader election timeouts 1822752 - cluster-version operator stops applying manifests when blocked by a precondition check 1823143 - oc adm release extract --command, --tools doesn't pull from localregistry when given a localregistry/image 1858418 - [OCPonRHV] OpenShift installer fails when Blank template is missing in oVirt/RHV 1859153 - [AWS] An IAM error occurred occasionally during the installation phase: Invalid IAM Instance Profile name 1896181 - [ovirt] install fails: due to terraform error "Cannot run VM. VM is being updated" on vm resource 1898265 - [OCP 4.5][AWS] Installation failed: error updating LB Target Group 1902307 - [vSphere] cloud labels management via cloud provider makes nodes not ready 1905850 - `oc adm policy who-can` failed to check the `operatorcondition/status` resource 1916279 - [OCPonRHV] Sometimes terraform installation fails on -failed to fetch Cluster(another terraform bug) 1917898 - [ovirt] install fails: due to terraform error "Tag not matched: expect <fault> but got <html>" on vm resource 1918005 - [vsphere] If there are multiple port groups with the same name installation fails 1918417 - IPv6 errors after exiting crictl 1918690 - Should update the KCM resource-graph timely with the latest configure 1919980 - oVirt installer fails due to terraform error "Failed to wait for Templte(...) to become ok" 1921182 - InspectFailed: kubelet Failed to inspect image: rpc error: code = DeadlineExceeded desc = context deadline exceeded 1923536 - Image pullthrough does not pass 429 errors back to capable clients 1926975 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 1928932 - deploy/route_crd.yaml in openshift/router uses deprecated v1beta1 CRD API 1932812 - Installer uses the terraform-provider in the Installer's directory if it exists 1934304 - MemoryPressure Top Pod Consumers seems to be 2x expected value 1943937 - CatalogSource incorrect parsing validation 1944264 - [ovn] CNO should gracefully terminate OVN databases 1944851 - List of ingress routes not cleaned up when routers no longer exist - take 2 1945329 - In k8s 1.21 bump conntrack 'should drop INVALID conntrack entries' tests are disabled 1948556 - Cannot read property 'apiGroup' of undefined error viewing operator CSV 1949827 - Kubelet bound to incorrect IPs, referring to incorrect NICs in 4.5.x 1957012 - Deleting the KubeDescheduler CR does not remove the corresponding deployment or configmap 1957668 - oc login does not show link to console 1958198 - authentication operator takes too long to pick up a configuration change 1958512 - No 1.25 shown in REMOVEDINRELEASE for apis audited with k8s.io/removed-release 1.25 and k8s.io/deprecated true 1961233 - Add CI test coverage for DNS availability during upgrades 1961844 - baremetal ClusterOperator installed by CVO does not have relatedObjects 1965468 - [OSP] Delete volume snapshots based on cluster ID in their metadata 1965934 - can not get new result with "Refresh off" if click "Run queries" again 1965969 - [aws] the public hosted zone id is not correct in the destroy log, while destroying a cluster which is using BYO private hosted zone. 1968253 - GCP CSI driver can provision volume with access mode ROX 1969794 - [OSP] Document how to use image registry PVC backend with custom availability zones 1975543 - [OLM] Remove stale cruft installed by CVO in earlier releases 1976111 - [tracker] multipathd.socket is missing start conditions 1976782 - Openshift registry starts to segfault after S3 storage configuration 1977100 - Pod failed to start with message "set CPU load balancing: readdirent /proc/sys/kernel/sched_domain/cpu66/domain0: no such file or directory" 1978303 - KAS pod logs show: [SHOULD NOT HAPPEN] ...failed to convert new object...CertificateSigningRequest) to smd typed: .status.conditions: duplicate entries for key [type=\"Approved\"] 1978798 - [Network Operator] Upgrade: The configuration to enable network policy ACL logging is missing on the cluster upgraded from 4.7->4.8 1979671 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 1982737 - OLM does not warn on invalid CSV 1983056 - IP conflict while recreating Pod with fixed name 1984785 - LSO CSV does not contain disconnected annotation 1989610 - Unsupported data types should not be rendered on operand details page 1990125 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 1990384 - 502 error on "Observe -> Alerting" UI after disabled local alertmanager 1992553 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1994117 - Some hardcodes are detected at the code level in orphaned code 1994820 - machine controller doesn't send vCPU quota failed messages to cluster install logs 1995953 - Ingresscontroller change the replicas to scaleup first time will be rolling update for all the ingress pods 1996544 - AWS region ap-northeast-3 is missing in installer prompt 1996638 - Helm operator manager container restart when CR is creating&deleting 1997120 - test_recreate_pod_in_namespace fails - Timed out waiting for namespace 1997142 - OperatorHub: Filtering the OperatorHub catalog is extremely slow 1997704 - [osp][octavia lb] given loadBalancerIP is ignored when creating a LoadBalancer type svc 1999325 - FailedMount MountVolume.SetUp failed for volume "kube-api-access" : object "openshift-kube-scheduler"/"kube-root-ca.crt" not registered 1999529 - Must gather fails to gather logs for all the namespace if server doesn't have volumesnapshotclasses resource 1999891 - must-gather collects backup data even when Pods fails to be created 2000653 - Add hypershift namespace to exclude namespaces list in descheduler configmap 2002009 - IPI Baremetal, qemu-convert takes to long to save image into drive on slow/large disks 2002602 - Storageclass creation page goes blank when "Enable encryption" is clicked if there is a syntax error in the configmap 2002868 - Node exporter not able to scrape OVS metrics 2005321 - Web Terminal is not opened on Stage of DevSandbox when terminal instance is not created yet 2005694 - Removing proxy object takes up to 10 minutes for the changes to propagate to the MCO 2006067 - Objects are not valid as a React child 2006201 - ovirt-csi-driver-node pods are crashing intermittently 2007246 - Openshift Container Platform - Ingress Controller does not set allowPrivilegeEscalation in the router deployment 2007340 - Accessibility issues on topology - list view 2007611 - TLS issues with the internal registry and AWS S3 bucket 2007647 - oc adm release info --changes-from does not show changes in repos that squash-merge 2008486 - Double scroll bar shows up on dragging the task quick search to the bottom 2009345 - Overview page does not load from openshift console for some set of users after upgrading to 4.7.19 2009352 - Add image-registry usage metrics to telemeter 2009845 - Respect overrides changes during installation 2010361 - OpenShift Alerting Rules Style-Guide Compliance 2010364 - OpenShift Alerting Rules Style-Guide Compliance 2010393 - [sig-arch][Late] clients should not use APIs that are removed in upcoming releases [Suite:openshift/conformance/parallel] 2011525 - Rate-limit incoming BFD to prevent ovn-controller DoS 2011895 - Details about cloud errors are missing from PV/PVC errors 2012111 - LSO still try to find localvolumeset which is already deleted 2012969 - need to figure out why osupdatedstart to reboot is zero seconds 2013144 - Developer catalog category links could not be open in a new tab (sharing and open a deep link works fine) 2013461 - Import deployment from Git with s2i expose always port 8080 (Service and Pod template, not Route) if another Route port is selected by the user 2013734 - unable to label downloads route in openshift-console namespace 2013822 - ensure that the `container-tools` content comes from the RHAOS plashets 2014161 - PipelineRun logs are delayed and stuck on a high log volume 2014240 - Image registry uses ICSPs only when source exactly matches image 2014420 - Topology page is crashed 2014640 - Cannot change storage class of boot disk when cloning from template 2015023 - Operator objects are re-created even after deleting it 2015042 - Adding a template from the catalog creates a secret that is not owned by the TemplateInstance 2015356 - Different status shows on VM list page and details page 2015375 - PVC creation for ODF/IBM Flashsystem shows incorrect types 2015459 - [azure][openstack]When image registry configure an invalid proxy, registry pods are CrashLoopBackOff 2015800 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2016425 - Adoption controller generating invalid metadata.Labels for an already adopted Subscription resource 2016534 - externalIP does not work when egressIP is also present 2017001 - Topology context menu for Serverless components always open downwards 2018188 - VRRP ID conflict between keepalived-ipfailover and cluster VIPs 2018517 - [sig-arch] events should not repeat pathologically expand_less failures - s390x CI 2019532 - Logger object in LSO does not log source location accurately 2019564 - User settings resources (ConfigMap, Role, RB) should be deleted when a user is deleted 2020483 - Parameter $__auto_interval_period is in Period drop-down list 2020622 - e2e-aws-upi and e2e-azure-upi jobs are not working 2021041 - [vsphere] Not found TagCategory when destroying ipi cluster 2021446 - openshift-ingress-canary is not reporting DEGRADED state, even though the canary route is not available and accessible 2022253 - Web terminal view is broken 2022507 - Pods stuck in OutOfpods state after running cluster-density 2022611 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment 2022745 - Cluster reader is not able to list NodeNetwork* objects 2023295 - Must-gather tool gathering data from custom namespaces. 2023691 - ClusterIP internalTrafficPolicy does not work for ovn-kubernetes 2024427 - oc completion zsh doesn't auto complete 2024708 - The form for creating operational CRs is badly rendering filed names ("obsoleteCPUs" -> "Obsolete CP Us" ) 2024821 - [Azure-File-CSI] need more clear info when requesting pvc with volumeMode Block 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2025624 - Ingress router metrics endpoint serving old certificates after certificate rotation 2026356 - [IPI on Azure] The bootstrap machine type should be same as master 2026461 - Completed pods in Openshift cluster not releasing IP addresses and results in err: range is full unless manually deleted 2027603 - [UI] Dropdown doesn't close on it's own after arbiter zone selection on 'Capacity and nodes' page 2027613 - Users can't silence alerts from the dev console 2028493 - OVN-migration failed - ovnkube-node: error waiting for node readiness: timed out waiting for the condition 2028532 - noobaa-pg-db-0 pod stuck in Init:0/2 2028821 - Misspelled label in ODF management UI - MCG performance view 2029438 - Bootstrap node cannot resolve api-int because NetworkManager replaces resolv.conf 2029470 - Recover from suddenly appearing old operand revision WAS: kube-scheduler-operator test failure: Node's not achieving new revision 2029797 - Uncaught exception: ResizeObserver loop limit exceeded 2029835 - CSI migration for vSphere: Inline-volume tests failing 2030034 - prometheusrules.openshift.io: dial tcp: lookup prometheus-operator.openshift-monitoring.svc on 172.30.0.10:53: no such host 2030530 - VM created via customize wizard has single quotation marks surrounding its password 2030733 - wrong IP selected to connect to the nodes when ExternalCloudProvider enabled 2030776 - e2e-operator always uses quay master images during presubmit tests 2032559 - CNO allows migration to dual-stack in unsupported configurations 2032717 - Unable to download ignition after coreos-installer install --copy-network 2032924 - PVs are not being cleaned up after PVC deletion 2033482 - [vsphere] two variables in tf are undeclared and get warning message during installation 2033575 - monitoring targets are down after the cluster run for more than 1 day 2033711 - IBM VPC operator needs e2e csi tests for ibmcloud 2033862 - MachineSet is not scaling up due to an OpenStack error trying to create multiple ports with the same MAC address 2034147 - OpenShift VMware IPI Installation fails with Resource customization when corespersocket is unset and vCPU count is not a multiple of 4 2034296 - Kubelet and Crio fails to start during upgrde to 4.7.37 2034411 - [Egress Router] No NAT rules for ipv6 source and destination created in ip6tables-save 2034688 - Allow Prometheus/Thanos to return 401 or 403 when the request isn't authenticated 2034958 - [sig-network] Conntrack should be able to preserve UDP traffic when initial unready endpoints get ready 2035005 - MCD is not always removing in progress taint after a successful update 2035334 - [RFE] [OCPonRHV] Provision machines with preallocated disks 2035899 - Operator-sdk run bundle doesn't support arm64 env 2036202 - Bump podman to >= 3.3.0 so that setup of multiple credentials for a single registry which can be distinguished by their path will work 2036594 - [MAPO] Machine goes to failed state due to a momentary error of the cluster etcd 2036948 - SR-IOV Network Device Plugin should handle offloaded VF instead of supporting only PF 2037190 - dns operator status flaps between True/False/False and True/True/(False|True) after updating dnses.operator.openshift.io/default 2037447 - Ingress Operator is not closing TCP connections. 2037513 - I/O metrics from the Kubernetes/Compute Resources/Cluster Dashboard show as no datapoints found 2037542 - Pipeline Builder footer is not sticky and yaml tab doesn't use full height 2037610 - typo for the Terminated message from thanos-querier pod description info 2037620 - Upgrade playbook should quit directly when trying to upgrade RHEL-7 workers to 4.10 2037625 - AppliedClusterResourceQuotas can not be shown on project overview 2037626 - unable to fetch ignition file when scaleup rhel worker nodes on cluster enabled Tang disk encryption 2037628 - Add test id to kms flows for automation 2037721 - PodDisruptionBudgetAtLimit alert fired in SNO cluster 2037762 - Wrong ServiceMonitor definition is causing failure during Prometheus configuration reload and preventing changes from being applied 2037841 - [RFE] use /dev/ptp_hyperv on Azure/AzureStack 2038115 - Namespace and application bar is not sticky anymore 2038244 - Import from git ignore the given servername and could not validate On-Premises GitHub and BitBucket installations 2038405 - openshift-e2e-aws-workers-rhel-workflow in CI step registry broken 2038774 - IBM-Cloud OVN IPsec fails, IKE UDP ports and ESP protocol not in security group 2039135 - the error message is not clear when using "opm index prune" to prune a file-based index image 2039161 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected 2039253 - ovnkube-node crashes on duplicate endpoints 2039256 - Domain validation fails when TLD contains a digit. 2039277 - Topology list view items are not highlighted on keyboard navigation 2039462 - Application tab in User Preferences dropdown menus are too wide. 2039477 - validation icon is missing from Import from git 2039589 - The toolbox command always ignores [command] the first time 2039647 - Some developer perspective links are not deep-linked causes developer to sometimes delete/modify resources in the wrong project 2040180 - Bug when adding a new table panel to a dashboard for OCP UI with only one value column 2040195 - Ignition fails to enable systemd units with backslash-escaped characters in their names 2040277 - ThanosRuleNoEvaluationFor10Intervals alert description is wrong 2040488 - OpenShift-Ansible BYOH Unit Tests are Broken 2040635 - CPU Utilisation is negative number for "Kubernetes / Compute Resources / Cluster" dashboard 2040654 - 'oc adm must-gather -- some_script' should exit with same non-zero code as the failed 'some_script' exits 2040779 - Nodeport svc not accessible when the backend pod is on a window node 2040933 - OCP 4.10 nightly build will fail to install if multiple NICs are defined on KVM nodes 2041133 - 'oc explain route.status.ingress.conditions' shows type 'Currently only Ready' but actually is 'Admitted' 2041454 - Garbage values accepted for `--reference-policy` in `oc import-image` without any error 2041616 - Ingress operator tries to manage DNS of additional ingresscontrollers that are not under clusters basedomain, which can't work 2041769 - Pipeline Metrics page not showing data for normal user 2041774 - Failing git detection should not recommend Devfiles as import strategy 2041814 - The KubeletConfigController wrongly process multiple confs for a pool 2041940 - Namespace pre-population not happening till a Pod is created 2042027 - Incorrect feedback for "oc label pods --all" 2042348 - Volume ID is missing in output message when expanding volume which is not mounted. 2042446 - CSIWithOldVSphereHWVersion alert recurring despite upgrade to vmx-15 2042501 - use lease for leader election 2042587 - ocm-operator: Improve reconciliation of CA ConfigMaps 2042652 - Unable to deploy hw-event-proxy operator 2042838 - The status of container is not consistent on Container details and pod details page 2042852 - Topology toolbars are unaligned to other toolbars 2042999 - A pod cannot reach kubernetes.default.svc.cluster.local cluster IP 2043035 - Wrong error code provided when request contains invalid argument 2043068 - <x> available of <y> text disappears in Utilization item if x is 0 2043080 - openshift-installer intermittent failure on AWS with Error: InvalidVpcID.NotFound: The vpc ID 'vpc-123456789' does not exist 2043094 - ovnkube-node not deleting stale conntrack entries when endpoints go away 2043118 - Host should transition through Preparing when HostFirmwareSettings changed 2043132 - Add a metric when vsphere csi storageclass creation fails 2043314 - `oc debug node` does not meet compliance requirement 2043336 - Creating multi SriovNetworkNodePolicy cause the worker always be draining 2043428 - Address Alibaba CSI driver operator review comments 2043533 - Update ironic, inspector, and ironic-python-agent to latest bugfix release 2043672 - [MAPO] root volumes not working 2044140 - When 'oc adm upgrade --to-image ...' rejects an update as not recommended, it should mention --allow-explicit-upgrade 2044207 - [KMS] The data in the text box does not get cleared on switching the authentication method 2044227 - Test Managed cluster should only include cluster daemonsets that have maxUnavailable update of 10 or 33 percent fails 2044412 - Topology list misses separator lines and hover effect let the list jump 1px 2044421 - Topology list does not allow selecting an application group anymore 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2044803 - Unify button text style on VM tabs 2044824 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2045065 - Scheduled pod has nodeName changed 2045073 - Bump golang and build images for local-storage-operator 2045087 - Failed to apply sriov policy on intel nics 2045551 - Remove enabled FeatureGates from TechPreviewNoUpgrade 2045559 - API_VIP moved when kube-api container on another master node was stopped 2045577 - [ocp 4.9 | ovn-kubernetes] ovsdb_idl|WARN|transaction error: {"details":"cannot delete Datapath_Binding row 29e48972-xxxx because of 2 remaining reference(s)","error":"referential integrity violation 2045872 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2046133 - [MAPO]IPI proxy installation failed 2046156 - Network policy: preview of affected pods for non-admin shows empty popup 2046157 - Still uses pod-security.admission.config.k8s.io/v1alpha1 in admission plugin config 2046191 - Opeartor pod is missing correct qosClass and priorityClass 2046277 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.vpc.aws_subnet.private_subnet[0] resource 2046319 - oc debug cronjob command failed with error "unable to extract pod template from type *v1.CronJob". 2046435 - Better Devfile Import Strategy support in the 'Import from Git' flow 2046496 - Awkward wrapping of project toolbar on mobile 2046497 - Re-enable TestMetricsEndpoint test case in console operator e2e tests 2046498 - "All Projects" and "all applications" use different casing on topology page 2046591 - Auto-update boot source is not available while create new template from it 2046594 - "Requested template could not be found" while creating VM from user-created template 2046598 - Auto-update boot source size unit is byte on customize wizard 2046601 - Cannot create VM from template 2046618 - Start last run action should contain current user name in the started-by annotation of the PLR 2046662 - Should upgrade the go version to be 1.17 for example go operator memcached-operator 2047197 - Sould upgrade the operator_sdk.util version to "0.4.0" for the "osdk_metric" module 2047257 - [CP MIGRATION] Node drain failure during control plane node migration 2047277 - Storage status is missing from status card of virtualization overview 2047308 - Remove metrics and events for master port offsets 2047310 - Running VMs per template card needs empty state when no VMs exist 2047320 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2047335 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047362 - Removing prometheus UI access breaks origin test 2047445 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2047670 - Installer should pre-check that the hosted zone is not associated with the VPC and throw the error message. 2047702 - Issue described on bug #2013528 reproduced: mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2047710 - [OVN] ovn-dbchecker CrashLoopBackOff and sbdb jsonrpc unix socket receive error 2047732 - [IBM]Volume is not deleted after destroy cluster 2047741 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.masters.aws_network_interface.master[1] resource 2047790 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2047799 - release-openshift-ocp-installer-e2e-aws-upi-4.9 2047870 - Prevent redundant queries of BIOS settings in HostFirmwareController 2047895 - Fix architecture naming in oc adm release mirror for aarch64 2047911 - e2e: Mock CSI tests fail on IBM ROKS clusters 2047913 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2047925 - [FJ OCP4.10 Bug]: IRONIC_KERNEL_PARAMS does not contain coreos_kernel_params during iPXE boot 2047935 - [4.11] Bootimage bump tracker 2047998 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-* 2048059 - Service Level Agreement (SLA) always show 'Unknown' 2048067 - [IPI on Alibabacloud] "Platform Provisioning Check" tells '"ap-southeast-6": enhanced NAT gateway is not supported', which seems false 2048186 - Image registry operator panics when finalizes config deletion 2048214 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2048219 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2048221 - Capitalization of titles in the VM details page is inconsistent. 2048222 - [AWS GovCloud] Cluster can not be installed on AWS GovCloud regions via terminal interactive UI. 2048276 - Cypress E2E tests fail due to a typo in test-cypress.sh 2048333 - prometheus-adapter becomes inaccessible during rollout 2048352 - [OVN] node does not recover after NetworkManager restart, NotReady and unreachable 2048442 - [KMS] UI does not have option to specify kube auth path and namespace for cluster wide encryption 2048451 - Custom serviceEndpoints in install-config are reported to be unreachable when environment uses a proxy 2048538 - Network policies are not implemented or updated by OVN-Kubernetes 2048541 - incorrect rbac check for install operator quick starts 2048563 - Leader election conventions for cluster topology 2048575 - IP reconciler cron job failing on single node 2048686 - Check MAC address provided on the install-config.yaml file 2048687 - All bare metal jobs are failing now due to End of Life of centos 8 2048793 - Many Conformance tests are failing in OCP 4.10 with Kuryr 2048803 - CRI-O seccomp profile out of date 2048824 - [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2048841 - [ovn] Missing lr-policy-list and snat rules for egressip when new pods are added 2048955 - Alibaba Disk CSI Driver does not have CI 2049073 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2049078 - Bond CNI: Failed to attach Bond NAD to pod 2049108 - openshift-installer intermittent failure on AWS with 'Error: Error waiting for NAT Gateway (nat-xxxxx) to become available' 2049117 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2049133 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2049142 - Missing "app" label 2049169 - oVirt CSI driver should use the trusted CA bundle when cluster proxy is configured 2049234 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2049410 - external-dns-operator creates provider section, even when not requested 2049483 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2049613 - MTU migration on SDN IPv4 causes API alerts 2049671 - system:serviceaccount:openshift-cluster-csi-drivers:aws-ebs-csi-driver-operator trying to GET and DELETE /api/v1/namespaces/openshift-cluster-csi-drivers/configmaps/kube-cloud-config which does not exist 2049687 - superfluous apirequestcount entries in audit log 2049775 - cloud-provider-config change not applied when ExternalCloudProvider enabled 2049787 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2049832 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2049872 - cluster storage operator AWS credentialsrequest lacks KMS privileges 2049889 - oc new-app --search nodejs warns about access to sample content on quay.io 2050005 - Plugin module IDs can clash with console module IDs causing runtime errors 2050011 - Observe > Metrics page: Timespan text input and dropdown do not align 2050120 - Missing metrics in kube-state-metrics 2050146 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050173 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050180 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050300 - panic in cluster-storage-operator while updating status 2050332 - Malformed ClusterClaim lifetimes cause the clusterclaims-controller to silently fail to reconcile all clusterclaims 2050335 - azure-disk failed to mount with error special device does not exist 2050345 - alert data for burn budget needs to be updated to prevent regression 2050407 - revert "force cert rotation every couple days for development" in 4.11 2050409 - ip-reconcile job is failing consistently 2050452 - Update osType and hardware version used by RHCOS OVA to indicate it is a RHEL 8 guest 2050466 - machine config update with invalid container runtime config should be more robust 2050637 - Blog Link not re-directing to the intented website in the last modal in the Dev Console Onboarding Tour 2050698 - After upgrading the cluster the console still show 0 of N, 0% progress for worker nodes 2050707 - up test for prometheus pod look to far in the past 2050767 - Vsphere upi tries to access vsphere during manifests generation phase 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2050882 - Crio appears to be coredumping in some scenarios 2050902 - not all resources created during import have common labels 2050946 - Cluster-version operator fails to notice TechPreviewNoUpgrade featureSet change after initialization-lookup error 2051320 - Need to build ose-aws-efs-csi-driver-operator-bundle-container image for 4.11 2051333 - [aws] records in public hosted zone and BYO private hosted zone were not deleted. 2051377 - Unable to switch vfio-pci to netdevice in policy 2051378 - Template wizard is crashed when there are no templates existing 2051423 - migrate loadbalancers from amphora to ovn not working 2051457 - [RFE] PDB for cloud-controller-manager to avoid going too many replicas down 2051470 - prometheus: Add validations for relabel configs 2051558 - RoleBinding in project without subject is causing "Project access" page to fail 2051578 - Sort is broken for the Status and Version columns on the Cluster Settings > ClusterOperators page 2051583 - sriov must-gather image doesn't work 2051593 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2051611 - Remove Check which enforces summary_interval must match logSyncInterval 2051642 - Remove "Tech-Preview" Label for the Web Terminal GA release 2051657 - Remove 'Tech preview' from minnimal deployment Storage System creation 2051718 - MetaLLB: Validation Webhook: BGPPeer hold time is allowed to be set to less than 3s 2051722 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2051881 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid 2051954 - Allow changing of policyAuditConfig ratelimit post-deployment 2051969 - Need to build local-storage-operator-metadata-container image for 4.11 2051985 - An APIRequestCount without dots in the name can cause a panic 2052016 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052034 - Can't start correct debug pod using pod definition yaml in OCP 4.8 2052055 - Whereabouts should implement client-go 1.22+ 2052056 - Static pod installer should throttle creating new revisions 2052071 - local storage operator metrics target down after upgrade 2052095 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052270 - FSyncControllerDegraded has "treshold" -> "threshold" typos 2052309 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052332 - Probe failures and pod restarts during 4.7 to 4.8 upgrade 2052393 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052398 - 4.9 to 4.10 upgrade fails for ovnkube-masters 2052415 - Pod density test causing problems when using kube-burner 2052513 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052578 - Create new app from a private git repository using 'oc new app' with basic auth does not work. 2052595 - Remove dev preview badge from IBM FlashSystem deployment windows 2052618 - Node reboot causes duplicate persistent volumes 2052671 - Add Sprint 214 translations 2052674 - Remove extra spaces 2052700 - kube-controller-manger should use configmap lease 2052701 - kube-scheduler should use configmap lease 2052814 - go fmt fails in OSM after migration to go 1.17 2052840 - IMAGE_BUILDER=docker make test-e2e-operator-ocp runs with podman instead of docker 2052953 - Observe dashboard always opens for last viewed workload instead of the selected one 2052956 - Installing virtualization operator duplicates the first action on workloads in topology 2052975 - High cpu load on Juniper Qfx5120 Network switches after upgrade to Openshift 4.8.26 2052986 - Console crashes when Mid cycle hook in Recreate strategy(edit deployment/deploymentConfig) selects Lifecycle strategy as "Tags the current image as an image stream tag if the deployment succeeds" 2053006 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2053104 - [vSphere CSI driver Operator] hw_version_total metric update wrong value after upgrade nodes hardware version from `vmx-13` to `vmx-15` 2053112 - nncp status is unknown when nnce is Progressing 2053118 - nncp Available condition reason should be exposed in `oc get` 2053168 - Ensure the core dynamic plugin SDK package has correct types and code 2053205 - ci-openshift-cluster-network-operator-master-e2e-agnostic-upgrade is failing most of the time 2053304 - Debug terminal no longer works in admin console 2053312 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053334 - rhel worker scaleup playbook failed because missing some dependency of podman 2053343 - Cluster Autoscaler not scaling down nodes which seem to qualify for scale-down 2053491 - nmstate interprets interface names as float64 and subsequently crashes on state update 2053501 - Git import detection does not happen for private repositories 2053582 - inability to detect static lifecycle failure 2053596 - [IBM Cloud] Storage IOPS limitations and lack of IPI ETCD deployment options trigger leader election during cluster initialization 2053609 - LoadBalancer SCTP service leaves stale conntrack entry that causes issues if service is recreated 2053622 - PDB warning alert when CR replica count is set to zero 2053685 - Topology performance: Immutable .toJSON consumes a lot of CPU time when rendering a large topology graph (~100 nodes) 2053721 - When using RootDeviceHint rotational setting the host can fail to provision 2053922 - [OCP 4.8][OVN] pod interface: error while waiting on OVS.Interface.external-ids 2054095 - [release-4.11] Gather images.conifg.openshift.io cluster resource definiition 2054197 - The ProjectHelmChartRepositrory schema has merged but has not been initialized in the cluster yet 2054200 - Custom created services in openshift-ingress removed even though the services are not of type LoadBalancer 2054238 - console-master-e2e-gcp-console is broken 2054254 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2054285 - Services other than knative service also shows as KSVC in add subscription/trigger modal 2054319 - must-gather | gather_metallb_logs can't detect metallb pod 2054351 - Rrestart of ptp4l/phc2sys on change of PTPConfig generates more than one times, socket error in event frame work 2054385 - redhat-operatori ndex image build failed with AMQ brew build - amq-interconnect-operator-metadata-container-1.10.13 2054564 - DPU network operator 4.10 branch need to sync with master 2054630 - cancel create silence from kebab menu of alerts page will navigated to the previous page 2054693 - Error deploying HorizontalPodAutoscaler with oc new-app command in OpenShift 4 2054701 - [MAPO] Events are not created for MAPO machines 2054705 - [tracker] nf_reinject calls nf_queue_entry_free on an already freed entry->state 2054735 - Bad link in CNV console 2054770 - IPI baremetal deployment metal3 pod crashes when using capital letters in hosts bootMACAddress 2054787 - SRO controller goes to CrashLoopBackOff status when the pull-secret does not have the correct permissions 2054950 - A large number is showing on disk size field 2055305 - Thanos Querier high CPU and memory usage till OOM 2055386 - MetalLB changes the shared external IP of a service upon updating the externalTrafficPolicy definition 2055433 - Unable to create br-ex as gateway is not found 2055470 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2055492 - The default YAML on vm wizard is not latest 2055601 - installer did not destroy *.app dns recored in a IPI on ASH install 2055702 - Enable Serverless tests in CI 2055723 - CCM operator doesn't deploy resources after enabling TechPreviewNoUpgrade feature set. 2055729 - NodePerfCheck fires and stays active on momentary high latency 2055814 - Custom dynamic exntension point causes runtime and compile time error 2055861 - cronjob collect-profiles failed leads node reach to OutOfpods status 2055980 - [dynamic SDK][internal] console plugin SDK does not support table actions 2056454 - Implement preallocated disks for oVirt in the cluster API provider 2056460 - Implement preallocated disks for oVirt in the OCP installer 2056496 - If image does not exists for builder image then upload jar form crashes 2056519 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies 2056607 - Running kubernetes-nmstate handler e2e tests stuck on OVN clusters 2056752 - Better to named the oc-mirror version info with more information like the `oc version --client` 2056802 - "enforcedLabelLimit|enforcedLabelNameLengthLimit|enforcedLabelValueLengthLimit" do not take effect 2056841 - [UI] [DR] Web console update is available pop-up is seen multiple times on Hub cluster where ODF operator is not installed and unnecessarily it pop-up on the Managed cluster as well where ODF operator is installed 2056893 - incorrect warning for --to-image in oc adm upgrade help 2056967 - MetalLB: speaker metrics is not updated when deleting a service 2057025 - Resource requests for the init-config-reloader container of prometheus-k8s-* pods are too high 2057054 - SDK: k8s methods resolves into Response instead of the Resource 2057079 - [cluster-csi-snapshot-controller-operator] CI failure: events should not repeat pathologically 2057101 - oc commands working with images print an incorrect and inappropriate warning 2057160 - configure-ovs selects wrong interface on reboot 2057183 - OperatorHub: Missing "valid subscriptions" filter 2057251 - response code for Pod count graph changed from 422 to 200 periodically for about 30 minutes if pod is rescheduled 2057358 - [Secondary Scheduler] - cannot build bundle index image using the secondary scheduler operator bundle 2057387 - [Secondary Scheduler] - olm.skiprange, com.redhat.openshift.versions is incorrect and no minkubeversion 2057403 - CMO logs show forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot get resource "replicasets" in API group "apps" in the namespace "openshift-monitoring" 2057495 - Alibaba Disk CSI driver does not provision small PVCs 2057558 - Marketplace operator polls too frequently for cluster operator status changes 2057633 - oc rsync reports misleading error when container is not found 2057642 - ClusterOperator status.conditions[].reason "etcd disk metrics exceeded..." should be a CamelCase slug 2057644 - FSyncControllerDegraded latches True, even after fsync latency recovers on all members 2057696 - Removing console still blocks OCP install from completing 2057762 - ingress operator should report Upgradeable False to remind user before upgrade to 4.10 when Non-SAN certs are used 2057832 - expr for record rule: "cluster:telemetry_selected_series:count" is improper 2057967 - KubeJobCompletion does not account for possible job states 2057990 - Add extra debug information to image signature workflow test 2057994 - SRIOV-CNI failed to load netconf: LoadConf(): failed to get VF information 2058030 - On OCP 4.10+ using OVNK8s on BM IPI, nodes register as localhost.localdomain 2058217 - [vsphere-problem-detector-operator] 'vsphere_rwx_volumes_total' metric name make confused 2058225 - openshift_csi_share_* metrics are not found from telemeter server 2058282 - Websockets stop updating during cluster upgrades 2058291 - CI builds should have correct version of Kube without needing to push tags everytime 2058368 - Openshift OVN-K got restarted mutilple times with the error " ovsdb-server/memory-trim-on-compaction on'' failed: exit status 1 and " ovndbchecker.go:118] unable to turn on memory trimming for SB DB, stderr " , cluster unavailable 2058370 - e2e-aws-driver-toolkit CI job is failing 2058421 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2058424 - ConsolePlugin proxy always passes Authorization header even if `authorize` property is omitted or false 2058623 - Bootstrap server dropdown menu in Create Event Source- KafkaSource form is empty even if it's created 2058626 - Multiple Azure upstream kube fsgroupchangepolicy tests are permafailing expecting gid "1000" but geting "root" 2058671 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff 2058692 - [Secondary Scheduler] Creating secondaryscheduler instance fails with error "key failed with : secondaryschedulers.operator.openshift.io "secondary-scheduler" not found" 2059187 - [Secondary Scheduler] - key failed with : serviceaccounts "secondary-scheduler" is forbidden 2059212 - [tracker] Backport https://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa 2059213 - ART cannot build installer images due to missing terraform binaries for some architectures 2059338 - A fully upgraded 4.10 cluster defaults to HW-13 hardware version even if HW-15 is default (and supported) 2059490 - The operator image in CSV file of the ART DPU network operator bundle is incorrect 2059567 - vMedia based IPI installation of OpenShift fails on Nokia servers due to issues with virtual media attachment and boot source override 2059586 - (release-4.11) Insights operator doesn't reconcile clusteroperator status condition messages 2059654 - Dynamic demo plugin proxy example out of date 2059674 - Demo plugin fails to build 2059716 - cloud-controller-manager flaps operator version during 4.9 -> 4.10 update 2059791 - [vSphere CSI driver Operator] didn't update 'vsphere_csi_driver_error' metric value when fixed the error manually 2059840 - [LSO]Could not gather logs for pod diskmaker-discovery and diskmaker-manager 2059943 - MetalLB: Move CI config files to metallb repo from dev-scripts repo 2060037 - Configure logging level of FRR containers 2060083 - CMO doesn't react to changes in clusteroperator console 2060091 - CMO produces invalid alertmanager statefulset if console cluster .status.consoleURL is unset 2060133 - [OVN RHEL upgrade] could not find IP addresses: failed to lookup link br-ex: Link not found 2060147 - RHEL8 Workers Need to Ensure libseccomp is up to date at install time 2060159 - LGW: External->Service of type ETP=Cluster doesn't go to the node 2060329 - Detect unsupported amount of workloads before rendering a lazy or crashing topology 2060334 - Azure VNET lookup fails when the NIC subnet is in a different resource group 2060361 - Unable to enumerate NICs due to missing the 'primary' field due to security restrictions 2060406 - Test 'operators should not create watch channels very often' fails 2060492 - Update PtpConfigSlave source-crs to use network_transport L2 instead of UDPv4 2060509 - Incorrect installation of ibmcloud vpc csi driver in IBM Cloud ROKS 4.10 2060532 - LSO e2e tests are run against default image and namespace 2060534 - openshift-apiserver pod in crashloop due to unable to reach kubernetes svc ip 2060549 - ErrorAddingLogicalPort: duplicate IP found in ECMP Pod route cache! 2060553 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc 2060583 - Remove Console internal-kubevirt plugin SDK package 2060605 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060617 - IBMCloud destroy DNS regex not strict enough 2060687 - Azure Ci: SubscriptionDoesNotSupportZone - does not support availability zones at location 'westus' 2060697 - [AWS] partitionNumber cannot work for specifying Partition number 2060714 - [DOCS] Change source_labels to sourceLabels in "Configuring remote write storage" section 2060837 - [oc-mirror] Catalog merging error when two or more bundles does not have a set Replace field 2060894 - Preceding/Trailing Whitespaces In Form Elements on the add page 2060924 - Console white-screens while using debug terminal 2060968 - Installation failing due to ironic-agent.service not starting properly 2060970 - Bump recommended FCOS to 35.20220213.3.0 2061002 - Conntrack entry is not removed for LoadBalancer IP 2061301 - Traffic Splitting Dialog is Confusing With Only One Revision 2061303 - Cachito request failure with vendor directory is out of sync with go.mod/go.sum 2061304 - workload info gatherer - don't serialize empty images map 2061333 - White screen for Pipeline builder page 2061447 - [GSS] local pv's are in terminating state 2061496 - etcd RecentBackup=Unknown ControllerStarted contains no message string 2061527 - [IBMCloud] infrastructure asset missing CloudProviderType 2061544 - AzureStack is hard-coded to use Standard_LRS for the disk type 2061549 - AzureStack install with internal publishing does not create api DNS record 2061611 - [upstream] The marker of KubeBuilder doesn't work if it is close to the code 2061732 - Cinder CSI crashes when API is not available 2061755 - Missing breadcrumb on the resource creation page 2061833 - A single worker can be assigned to multiple baremetal hosts 2061891 - [IPI on IBMCLOUD] missing ?br-sao? region in openshift installer 2061916 - mixed ingress and egress policies can result in half-isolated pods 2061918 - Topology Sidepanel style is broken 2061919 - Egress Ip entry stays on node's primary NIC post deletion from hostsubnet 2062007 - MCC bootstrap command lacks template flag 2062126 - IPfailover pod is crashing during creation showing keepalived_script doesn't exist 2062151 - Add RBAC for 'infrastructures' to operator bundle 2062355 - kubernetes-nmstate resources and logs not included in must-gathers 2062459 - Ingress pods scheduled on the same node 2062524 - [Kamelet Sink] Topology crashes on click of Event sink node if the resource is created source to Uri over ref 2062558 - Egress IP with openshift sdn in not functional on worker node. 2062568 - CVO does not trigger new upgrade again after fail to update to unavailable payload 2062645 - configure-ovs: don't restart networking if not necessary 2062713 - Special Resource Operator(SRO) - No sro_used_nodes metric 2062849 - hw event proxy is not binding on ipv6 local address 2062920 - Project selector is too tall with only a few projects 2062998 - AWS GovCloud regions are recognized as the unknown regions 2063047 - Configuring a full-path query log file in CMO breaks Prometheus with the latest version of the operator 2063115 - ose-aws-efs-csi-driver has invalid dependency in go.mod 2063164 - metal-ipi-ovn-ipv6 Job Permafailing and Blocking OpenShift 4.11 Payloads: insights operator is not available 2063183 - DefragDialTimeout is set to low for large scale OpenShift Container Platform - Cluster 2063194 - cluster-autoscaler-default will fail when automated etcd defrag is running on large scale OpenShift Container Platform 4 - Cluster 2063321 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 2063324 - MCO template output directories created with wrong mode causing render failure in unprivileged container environments 2063375 - ptp operator upgrade from 4.9 to 4.10 stuck at pending due to service account requirements not met 2063414 - on OKD 4.10, when image-registry is enabled, the /etc/hosts entry is missing on some nodes 2063699 - Builds - Builds - Logs: i18n misses. 2063708 - Builds - Builds - Logs: translation correction needed. 2063720 - Metallb EBGP neighbor stuck in active until adding ebgp-multihop (directly connected neighbors) 2063732 - Workloads - StatefulSets : I18n misses 2063747 - When building a bundle, the push command fails because is passes a redundant "IMG=" on the the CLI 2063753 - User Preferences - Language - Language selection : Page refresh rquired to change the UI into selected Language. 2063756 - User Preferences - Applications - Insecure traffic : i18n misses 2063795 - Remove go-ovirt-client go.mod replace directive 2063829 - During an IPI install with the 4.10.4 installer on vSphere, getting "Check": platform.vsphere.network: Invalid value: "VLAN_3912": unable to find network provided" 2063831 - etcd quorum pods landing on same node 2063897 - Community tasks not shown in pipeline builder page 2063905 - PrometheusOperatorWatchErrors alert may fire shortly in case of transient errors from the API server 2063938 - sing the hard coded rest-mapper in library-go 2063955 - cannot download operator catalogs due to missing images 2063957 - User Management - Users : While Impersonating user, UI is not switching into user's set language 2064024 - SNO OCP upgrade with DU workload stuck at waiting for kube-apiserver static pod 2064170 - [Azure] Missing punctuation in the installconfig.controlPlane.platform.azure.osDisk explain 2064239 - Virtualization Overview page turns into blank page 2064256 - The Knative traffic distribution doesn't update percentage in sidebar 2064553 - UI should prefer to use the virtio-win configmap than v2v-vmware configmap for windows creation 2064596 - Fix the hubUrl docs link in pipeline quicksearch modal 2064607 - Pipeline builder makes too many (100+) API calls upfront 2064613 - [OCPonRHV]- after few days that cluster is alive we got error in storage operator 2064693 - [IPI][OSP] Openshift-install fails to find the shiftstack cloud defined in clouds.yaml in the current directory 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2064705 - the alertmanagerconfig validation catches the wrong value for invalid field 2064744 - Errors trying to use the Debug Container feature 2064984 - Update error message for label limits 2065076 - Access monitoring Routes based on monitoring-shared-config creates wrong URL 2065160 - Possible leak of load balancer targets on AWS Machine API Provider 2065224 - Configuration for cloudFront in image-registry operator configuration is ignored & duration is corrupted 2065290 - CVE-2021-23648 sanitize-url: XSS 2065338 - VolumeSnapshot creation date sorting is broken 2065507 - `oc adm upgrade` should return ReleaseAccepted condition to show upgrade status. 2065510 - [AWS] failed to create cluster on ap-southeast-3 2065513 - Dev Perspective -> Project Dashboard shows Resource Quotas which are a bit misleading, and too many decimal places 2065547 - (release-4.11) Gather kube-controller-manager pod logs with garbage collector errors 2065552 - [AWS] Failed to install cluster on AWS ap-southeast-3 region due to image-registry panic error 2065577 - user with user-workload-monitoring-config-edit role can not create user-workload-monitoring-config configmap 2065597 - Cinder CSI is not configurable 2065682 - Remote write relabel config adds label __tmp_openshift_cluster_id__ to all metrics 2065689 - Internal Image registry with GCS backend does not redirect client 2065749 - Kubelet slowly leaking memory and pods eventually unable to start 2065785 - ip-reconciler job does not complete, halts node drain 2065804 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204 2065806 - stop considering Mint mode as supported on Azure 2065840 - the cronjob object is created with a wrong api version batch/v1beta1 when created via the openshift console 2065893 - [4.11] Bootimage bump tracker 2066009 - CVE-2021-44906 minimist: prototype pollution 2066232 - e2e-aws-workers-rhel8 is failing on ansible check 2066418 - [4.11] Update channels information link is taking to a 404 error page 2066444 - The "ingress" clusteroperator's relatedObjects field has kind names instead of resource names 2066457 - Prometheus CI failure: 503 Service Unavailable 2066463 - [IBMCloud] failed to list DNS zones: Exactly one of ApiKey or RefreshToken must be specified 2066605 - coredns template block matches cluster API to loose 2066615 - Downstream OSDK still use upstream image for Hybird type operator 2066619 - The GitCommit of the `oc-mirror version` is not correct 2066665 - [ibm-vpc-block] Unable to change default storage class 2066700 - [node-tuning-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles 2066754 - Cypress reports for core tests are not captured 2066782 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user 2066865 - Flaky test: In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (delayed binding)] topology should provision a volume and schedule a pod with AllowedTopologies 2066886 - openshift-apiserver pods never going NotReady 2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066923 - No rule to make target 'docker-push' when building the SRO bundle 2066945 - SRO appends "arm64" instead of "aarch64" to the kernel name and it doesn't match the DTK 2067004 - CMO contains grafana image though grafana is removed 2067005 - Prometheus rule contains grafana though grafana is removed 2067062 - should update prometheus-operator resources version 2067064 - RoleBinding in Developer Console is dropping all subjects when editing 2067155 - Incorrect operator display name shown in pipelines quickstart in devconsole 2067180 - Missing i18n translations 2067298 - Console 4.10 operand form refresh 2067312 - PPT event source is lost when received by the consumer 2067384 - OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25 2067456 - OCP 4.11 should be firing APIRemovedInNextEUSReleaseInUse and APIRemovedInNextReleaseInUse for APIs removed in 1.25 2067995 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling 2068115 - resource tab extension fails to show up 2068148 - [4.11] /etc/redhat-release symlink is broken 2068180 - OCP UPI on AWS with STS enabled is breaking the Ingress operator 2068181 - Event source powered with kamelet type source doesn't show associated deployment in resources tab 2068490 - OLM descriptors integration test failing 2068538 - Crashloop back-off popover visual spacing defects 2068601 - Potential etcd inconsistent revision and data occurs 2068613 - ClusterRoleUpdated/ClusterRoleBindingUpdated Spamming Event Logs 2068908 - Manual blog link change needed 2069068 - reconciling Prometheus Operator Deployment failed while upgrading from 4.7.46 to 4.8.35 2069075 - [Alibaba 4.11.0-0.nightly] cluster storage component in Progressing state 2069181 - Disabling community tasks is not working 2069198 - Flaky CI test in e2e/pipeline-ci 2069307 - oc mirror hangs when processing the Red Hat 4.10 catalog 2069312 - extend rest mappings with 'job' definition 2069457 - Ingress operator has superfluous finalizer deletion logic for LoadBalancer-type services 2069577 - ConsolePlugin example proxy authorize is wrong 2069612 - Special Resource Operator (SRO) - Crash when nodeSelector does not match any nodes 2069632 - Not able to download previous container logs from console 2069643 - ConfigMaps leftovers while uninstalling SpecialResource with configmap 2069654 - Creating VMs with YAML on Openshift Virtualization UI is missing labels `flavor`, `os` and `workload` 2069685 - UI crashes on load if a pinned resource model does not exist 2069705 - prometheus target "serviceMonitor/openshift-metallb-system/monitor-metallb-controller/0" has a failure with "server returned HTTP status 502 Bad Gateway" 2069740 - On-prem loadbalancer ports conflict with kube node port range 2069760 - In developer perspective divider does not show up in navigation 2069904 - Sync upstream 1.18.1 downstream 2069914 - Application Launcher groupings are not case-sensitive 2069997 - [4.11] should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2070000 - Add warning alerts for installing standalone k8s-nmstate 2070020 - InContext doesn't work for Event Sources 2070047 - Kuryr: Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured 2070160 - Copy-to-clipboard and <pre> elements cause display issues for ACM dynamic plugins 2070172 - SRO uses the chart's name as Helm release, not the SpecialResource's 2070181 - [MAPO] serverGroupName ignored 2070457 - Image vulnerability Popover overflows from the visible area 2070674 - [GCP] Routes get timed out and nonresponsive after creating 2K service routes 2070703 - some ipv6 network policy tests consistently failing 2070720 - [UI] Filter reset doesn't work on Pods/Secrets/etc pages and complete list disappears 2070731 - details switch label is not clickable on add page 2070791 - [GCP]Image registry are crash on cluster with GCP workload identity enabled 2070792 - service "openshift-marketplace/marketplace-operator-metrics" is not annotated with capability 2070805 - ClusterVersion: could not download the update 2070854 - cv.status.capabilities.enabledCapabilities doesn?t show the day-2 enabled caps when there are errors on resources update 2070887 - Cv condition ImplicitlyEnabledCapabilities doesn?t complain about the disabled capabilities which is previously enabled 2070888 - Cannot bind driver vfio-pci when apply sriovnodenetworkpolicy with type vfio-pci 2070929 - OVN-Kubernetes: EgressIP breaks access from a pod with EgressIP to other host networked pods on different nodes 2071019 - rebase vsphere csi driver 2.5 2071021 - vsphere driver has snapshot support missing 2071033 - conditionally relabel volumes given annotation not working - SELinux context match is wrong 2071139 - Ingress pods scheduled on the same node 2071364 - All image building tests are broken with " error: build error: attempting to convert BUILD_LOGLEVEL env var value "" to integer: strconv.Atoi: parsing "": invalid syntax 2071578 - Monitoring navigation should not be shown if monitoring is not available (CRC) 2071599 - RoleBidings are not getting updated for ClusterRole in OpenShift Web Console 2071614 - Updating EgressNetworkPolicy rejecting with error UnsupportedMediaType 2071617 - remove Kubevirt extensions in favour of dynamic plugin 2071650 - ovn-k ovn_db_cluster metrics are not exposed for SNO 2071691 - OCP Console global PatternFly overrides adds padding to breadcrumbs 2071700 - v1 events show "Generated from" message without the source/reporting component 2071715 - Shows 404 on Environment nav in Developer console 2071719 - OCP Console global PatternFly overrides link button whitespace 2071747 - Link to documentation from the overview page goes to a missing link 2071761 - Translation Keys Are Not Namespaced 2071799 - Multus CNI should exit cleanly on CNI DEL when the API server is unavailable 2071859 - ovn-kube pods spec.dnsPolicy should be Default 2071914 - cloud-network-config-controller 4.10.5: Error building cloud provider client, err: %vfailed to initialize Azure environment: autorest/azure: There is no cloud environment matching the name "" 2071998 - Cluster-version operator should share details of signature verification when it fails in 'Force: true' updates 2072106 - cluster-ingress-operator tests do not build on go 1.18 2072134 - Routes are not accessible within cluster from hostnet pods 2072139 - vsphere driver has permissions to create/update PV objects 2072154 - Secondary Scheduler operator panics 2072171 - Test "[sig-network][Feature:EgressFirewall] EgressFirewall should have no impact outside its namespace [Suite:openshift/conformance/parallel]" fails 2072195 - machine api doesn't issue client cert when AWS DNS suffix missing 2072215 - Whereabouts ip-reconciler should be opt-in and not required 2072389 - CVO exits upgrade immediately rather than waiting for etcd backup 2072439 - openshift-cloud-network-config-controller reports wrong range of IP addresses for Azure worker nodes 2072455 - make bundle overwrites supported-nic-ids_v1_configmap.yaml 2072570 - The namespace titles for operator-install-single-namespace test keep changing 2072710 - Perfscale - pods time out waiting for OVS port binding (ovn-installed) 2072766 - Cluster Network Operator stuck in CrashLoopBackOff when scheduled to same master 2072780 - OVN kube-master does not clear NetworkUnavailableCondition on GCP BYOH Windows node 2072793 - Drop "Used Filesystem" from "Virtualization -> Overview" 2072805 - Observe > Dashboards: $__range variables cause PromQL query errors 2072807 - Observe > Dashboards: Missing `panel.styles` attribute for table panels causes JS error 2072842 - (release-4.11) Gather namespace names with overlapping UID ranges 2072883 - sometimes monitoring dashboards charts can not be loaded successfully 2072891 - Update gcp-pd-csi-driver to 1.5.1; 2072911 - panic observed in kubedescheduler operator 2072924 - periodic-ci-openshift-release-master-ci-4.11-e2e-azure-techpreview-serial 2072957 - ContainerCreateError loop leads to several thousand empty logfiles in the file system 2072998 - update aws-efs-csi-driver to the latest version 2072999 - Navigate from logs of selected Tekton task instead of last one 2073021 - [vsphere] Failed to update OS on master nodes 2073112 - Prometheus (uwm) externalLabels not showing always in alerts. 2073113 - Warning is logged to the console: W0407 Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. 2073176 - removing data in form does not remove data from yaml editor 2073197 - Error in Spoke/SNO agent: Source image rejected: A signature was required, but no signature exists 2073329 - Pipelines-plugin- Having different title for Pipeline Runs tab, on Pipeline Details page it's "PipelineRuns" and on Repository Details page it's "Pipeline Runs". 2073373 - Update azure-disk-csi-driver to 1.16.0 2073378 - failed egressIP assignment - cloud-network-config-controller does not delete failed cloudprivateipconfig 2073398 - machine-api-provider-openstack does not clean up OSP ports after failed server provisioning 2073436 - Update azure-file-csi-driver to v1.14.0 2073437 - Topology performance: Firehose/useK8sWatchResources cache can return unexpected data format if isList differs on multiple calls 2073452 - [sig-network] pods should successfully create sandboxes by other - failed (add) 2073473 - [OVN SCALE][ovn-northd] Unnecessary SB record no-op changes added to SB transaction. 2073522 - Update ibm-vpc-block-csi-driver to v4.2.0 2073525 - Update vpc-node-label-updater to v4.1.2 2073901 - Installation failed due to etcd operator Err:DefragControllerDegraded: failed to dial endpoint https://10.0.0.7:2379 with maintenance client: context canceled 2073937 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for UMW 2073938 - APIRemovedInNextEUSReleaseInUse alert for runtimeclasses 2073945 - APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies 2073972 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for platform monitoring 2074009 - [OVN] ovn-northd doesn't clean Chassis_Private record after scale down to 0 a machineSet 2074031 - Admins should be able to tune garbage collector aggressiveness (GOGC) for kube-apiserver if necessary 2074062 - Node Tuning Operator(NTO) - Cloud provider profile rollback doesn't work well 2074084 - CMO metrics not visible in the OCP webconsole UI 2074100 - CRD filtering according to name broken 2074210 - asia-south2, australia-southeast2, and southamerica-west1Missing from GCP regions 2074237 - oc new-app --image-stream flag behavior is unclear 2074243 - DefaultPlacement API allow empty enum value and remove default 2074447 - cluster-dashboard: CPU Utilisation iowait and steal 2074465 - PipelineRun fails in import from Git flow if "main" branch is default 2074471 - Cannot delete namespace with a LB type svc and Kuryr when ExternalCloudProvider is enabled 2074475 - [e2e][automation] kubevirt plugin cypress tests fail 2074483 - coreos-installer doesnt work on Dell machines 2074544 - e2e-metal-ipi-ovn-ipv6 failing due to recent CEO changes 2074585 - MCG standalone deployment page goes blank when the KMS option is enabled 2074606 - occm does not have permissions to annotate SVC objects 2074612 - Operator fails to install due to service name lookup failure 2074613 - nodeip-configuration container incorrectly attempts to relabel /etc/systemd/system 2074635 - Unable to start Web Terminal after deleting existing instance 2074659 - AWS installconfig ValidateForProvisioning always provides blank values to validate zone records 2074706 - Custom EC2 endpoint is not considered by AWS EBS CSI driver 2074710 - Transition to go-ovirt-client 2074756 - Namespace column provide wrong data in ClusterRole Details -> Rolebindings tab 2074767 - Metrics page show incorrect values due to metrics level config 2074807 - NodeFilesystemSpaceFillingUp alert fires even before kubelet GC kicks in 2074902 - `oc debug node/nodename ? chroot /host somecommand` should exit with non-zero when the sub-command failed 2075015 - etcd-guard connection refused event repeating pathologically (payload blocking) 2075024 - Metal upgrades permafailing on metal3 containers crash looping 2075050 - oc-mirror fails to calculate between two channels with different prefixes for the same version of OCP 2075091 - Symptom Detection.Undiagnosed panic detected in pod 2075117 - Developer catalog: Order dropdown (A-Z, Z-A) is miss-aligned (in a separate row) 2075149 - Trigger Translations When Extensions Are Updated 2075189 - Imports from dynamic-plugin-sdk lead to failed module resolution errors 2075459 - Set up cluster on aws with rootvolumn io2 failed due to no iops despite it being configured 2075475 - OVN-Kubernetes: egress router pod (redirect mode), access from pod on different worker-node (redirect) doesn't work 2075478 - Bump documentationBaseURL to 4.11 2075491 - nmstate operator cannot be upgraded on SNO 2075575 - Local Dev Env - Prometheus 404 Call errors spam the console 2075584 - improve clarity of build failure messages when using csi shared resources but tech preview is not enabled 2075592 - Regression - Top of the web terminal drawer is missing a stroke/dropshadow 2075621 - Cluster upgrade.[sig-mco] Machine config pools complete upgrade 2075647 - 'oc adm upgrade ...' POSTs ClusterVersion, clobbering any unrecognized spec properties 2075671 - Cluster Ingress Operator K8S API cache contains duplicate objects 2075778 - Fix failing TestGetRegistrySamples test 2075873 - Bump recommended FCOS to 35.20220327.3.0 2076193 - oc patch command for the liveness probe and readiness probe parameters of an OpenShift router deployment doesn't take effect 2076270 - [OCPonRHV] MachineSet scale down operation fails to delete the worker VMs 2076277 - [RFE] [OCPonRHV] Add storage domain ID valueto Compute/ControlPlain section in the machine object 2076290 - PTP operator readme missing documentation on BC setup via PTP config 2076297 - Router process ignores shutdown signal while starting up 2076323 - OLM blocks all operator installs if an openshift-marketplace catalogsource is unavailable 2076355 - The KubeletConfigController wrongly process multiple confs for a pool after having kubeletconfig in bootstrap 2076393 - [VSphere] survey fails to list datacenters 2076521 - Nodes in the same zone are not updated in the right order 2076527 - Pipeline Builder: Make unnecessary tekton hub API calls when the user types 'too fast' 2076544 - Whitespace (padding) is missing after an PatternFly update, already in 4.10 2076553 - Project access view replace group ref with user ref when updating their Role 2076614 - Missing Events component from the SDK API 2076637 - Configure metrics for vsphere driver to be reported 2076646 - openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters 2076793 - CVO exits upgrade immediately rather than waiting for etcd backup 2076831 - [ocp4.11]Mem/cpu high utilization by apiserver/etcd for cluster stayed 10 hours 2076877 - network operator tracker to switch to use flowcontrol.apiserver.k8s.io/v1beta2 instead v1beta1 to be deprecated in k8s 1.26 2076880 - OKD: add cluster domain to the uploaded vm configs so that 30-local-dns-prepender can use it 2076975 - Metric unset during static route conversion in configure-ovs.sh 2076984 - TestConfigurableRouteNoConsumingUserNoRBAC fails in CI 2077050 - OCP should default to pd-ssd disk type on GCP 2077150 - Breadcrumbs on a few screens don't have correct top margin spacing 2077160 - Update owners for openshift/cluster-etcd-operator 2077357 - [release-4.11] 200ms packet delay with OVN controller turn on 2077373 - Accessibility warning on developer perspective 2077386 - Import page shows untranslated values for the route advanced routing>security options (devconsole~Edge) 2077457 - failure in test case "[sig-network][Feature:Router] The HAProxy router should serve the correct routes when running with the haproxy config manager" 2077497 - Rebase etcd to 3.5.3 or later 2077597 - machine-api-controller is not taking the proxy configuration when it needs to reach the RHV API 2077599 - OCP should alert users if they are on vsphere version <7.0.2 2077662 - AWS Platform Provisioning Check incorrectly identifies record as part of domain of cluster 2077797 - LSO pods don't have any resource requests 2077851 - "make vendor" target is not working 2077943 - If there is a service with multiple ports, and the route uses 8080, when editing the 8080 port isn't replaced, but a random port gets replaced and 8080 still stays 2077994 - Publish RHEL CoreOS AMIs in AWS ap-southeast-3 region 2078013 - drop multipathd.socket workaround 2078375 - When using the wizard with template using data source the resulting vm use pvc source 2078396 - [OVN AWS] EgressIP was not balanced to another egress node after original node was removed egress label 2078431 - [OCPonRHV] - ERROR failed to instantiate provider "openshift/local/ovirt" to obtain schema: ERROR fork/exec 2078526 - Multicast breaks after master node reboot/sync 2078573 - SDN CNI -Fail to create nncp when vxlan is up 2078634 - CRI-O not killing Calico CNI stalled (zombie) processes. 2078698 - search box may not completely remove content 2078769 - Different not translated filter group names (incl. Secret, Pipeline, PIpelineRun) 2078778 - [4.11] oc get ValidatingWebhookConfiguration,MutatingWebhookConfiguration fails and caused ?apiserver panic'd...http2: panic serving xxx.xx.xxx.21:49748: cannot deep copy int? when AllRequestBodies audit-profile is used. 2078781 - PreflightValidation does not handle multiarch images 2078866 - [BM][IPI] Installation with bonds fail - DaemonSet "openshift-ovn-kubernetes/ovnkube-node" rollout is not making progress 2078875 - OpenShift Installer fail to remove Neutron ports 2078895 - [OCPonRHV]-"cow" unsupported value in format field in install-config.yaml 2078910 - CNO spitting out ".spec.groups[0].rules[4].runbook_url: field not declared in schema" 2078945 - Ensure only one apiserver-watcher process is active on a node. 2078954 - network-metrics-daemon makes costly global pod list calls scaling per node 2078969 - Avoid update races between old and new NTO operands during cluster upgrades 2079012 - egressIP not migrated to correct workers after deleting machineset it was assigned 2079062 - Test for console demo plugin toast notification needs to be increased for ci testing 2079197 - [RFE] alert when more than one default storage class is detected 2079216 - Partial cluster update reference doc link returns 404 2079292 - containers prometheus-operator/kube-rbac-proxy violate PodSecurity 2079315 - (release-4.11) Gather ODF config data with Insights 2079422 - Deprecated 1.25 API call 2079439 - OVN Pods Assigned Same IP Simultaneously 2079468 - Enhance the waitForIngressControllerCondition for better CI results 2079500 - okd-baremetal-install uses fcos for bootstrap but rhcos for cluster 2079610 - Opeatorhub status shows errors 2079663 - change default image features in RBD storageclass 2079673 - Add flags to disable migrated code 2079685 - Storageclass creation page with "Enable encryption" is not displaying saved KMS connection details when vaulttenantsa details are available in csi-kms-details config 2079724 - cluster-etcd-operator - disable defrag-controller as there is unpredictable impact on large OpenShift Container Platform 4 - Cluster 2079788 - Operator restarts while applying the acm-ice example 2079789 - cluster drops ImplicitlyEnabledCapabilities during upgrade 2079803 - Upgrade-triggered etcd backup will be skip during serial upgrade 2079805 - Secondary scheduler operator should comply to restricted pod security level 2079818 - Developer catalog installation overlay (modal?) shows a duplicated padding 2079837 - [RFE] Hub/Spoke example with daemonset 2079844 - EFS cluster csi driver status stuck in AWSEFSDriverCredentialsRequestControllerProgressing with sts installation 2079845 - The Event Sinks catalog page now has a blank space on the left 2079869 - Builds for multiple kernel versions should be ran in parallel when possible 2079913 - [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN endpointslices 2079961 - The search results accordion has no spacing between it and the side navigation bar. 2079965 - [rebase v1.24] [sig-node] PodOSRejection [NodeConformance] Kubelet should reject pod when the node OS doesn't match pod's OS [Suite:openshift/conformance/parallel] [Suite:k8s] 2080054 - TAGS arg for installer-artifacts images is not propagated to build images 2080153 - aws-load-balancer-operator-controller-manager pod stuck in ContainerCreating status 2080197 - etcd leader changes produce test churn during early stage of test 2080255 - EgressIP broken on AWS with OpenShiftSDN / latest nightly build 2080267 - [Fresh Installation] Openshift-machine-config-operator namespace is flooded with events related to clusterrole, clusterrolebinding 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2080379 - Group all e2e tests as parallel or serial 2080387 - Visual connector not appear between the node if a node get created using "move connector" to a different application 2080416 - oc bash-completion problem 2080429 - CVO must ensure non-upgrade related changes are saved when desired payload fails to load 2080446 - Sync ironic images with latest bug fixes packages 2080679 - [rebase v1.24] [sig-cli] test failure 2080681 - [rebase v1.24] [sig-cluster-lifecycle] CSRs from machines that are not recognized by the cloud provider are not approved [Suite:openshift/conformance/parallel] 2080687 - [rebase v1.24] [sig-network][Feature:Router] tests are failing 2080873 - Topology graph crashes after update to 4.11 when Layout 2 (ColaForce) was selected previously 2080964 - Cluster operator special-resource-operator is always in Failing state with reason: "Reconciling simple-kmod" 2080976 - Avoid hooks config maps when hooks are empty 2081012 - [rebase v1.24] [sig-devex][Feature:OpenShiftControllerManager] TestAutomaticCreationOfPullSecrets [Suite:openshift/conformance/parallel] 2081018 - [rebase v1.24] [sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available 2081021 - [rebase v1.24] [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources 2081062 - Unrevert RHCOS back to 8.6 2081067 - admin dev-console /settings/cluster should point out history may be excerpted 2081069 - [sig-network] pods should successfully create sandboxes by adding pod to network 2081081 - PreflightValidation "odd number of arguments passed as key-value pairs for logging" error 2081084 - [rebase v1.24] [sig-instrumentation] Events API should ensure that an event can be fetched, patched, deleted, and listed 2081087 - [rebase v1.24] [sig-auth] ServiceAccounts should allow opting out of API token automount 2081119 - `oc explain` output of default overlaySize is outdated 2081172 - MetallLB: YAML view in webconsole does not show all the available key value pairs of all the objects 2081201 - cloud-init User check for Windows VM refuses to accept capitalized usernames 2081447 - Ingress operator performs spurious updates in response to API's defaulting of router deployment's router container's ports' protocol field 2081562 - lifecycle.posStart hook does not have network connectivity. 2081685 - Typo in NNCE Conditions 2081743 - [e2e] tests failing 2081788 - MetalLB: the crds are not validated until metallb is deployed 2081821 - SpecialResourceModule CRD is not installed after deploying SRO operator using brew bundle image via OLM 2081895 - Use the managed resource (and not the manifest) for resource health checks 2081997 - disconnected insights operator remains degraded after editing pull secret 2082075 - Removing huge amount of ports takes a lot of time. 2082235 - CNO exposes a generic apiserver that apparently does nothing 2082283 - Transition to new oVirt Terraform provider 2082360 - OCP 4.10.4, CNI: SDN; Whereabouts IPAM: Duplicate IP address with bond-cni 2082380 - [4.10.z] customize wizard is crashed 2082403 - [LSO] No new build local-storage-operator-metadata-container created 2082428 - oc patch healthCheckInterval with invalid "5 s" to the ingress-controller successfully 2082441 - [UPI] aws-load-balancer-operator-controller-manager failed to get VPC ID in UPI on AWS 2082492 - [IPI IBM]Can't create image-registry-private-configuration secret with error "specified resource key credentials does not contain HMAC keys" 2082535 - [OCPonRHV]-workers are cloned when "clone: false" is specified in install-config.yaml 2082538 - apirequests limits of Cluster CAPI Operator are too low for GCP platform 2082566 - OCP dashboard fails to load when the query to Prometheus takes more than 30s to return 2082604 - [IBMCloud][x86_64] IBM VPC does not properly support RHCOS Custom Image tagging 2082667 - No new machines provisioned while machineset controller drained old nodes for change to machineset 2082687 - [IBM Cloud][x86_64][CCCMO] IBM x86_64 CCM using unsupported --port argument 2082763 - Cluster install stuck on the applying for operatorhub "cluster" 2083149 - "Update blocked" label incorrectly displays on new minor versions in the "Other available paths" modal 2083153 - Unable to use application credentials for Manila PVC creation on OpenStack 2083154 - Dynamic plugin sdk tsdoc generation does not render docs for parameters 2083219 - DPU network operator doesn't deal with c1... inteface names 2083237 - [vsphere-ipi] Machineset scale up process delay 2083299 - SRO does not fetch mirrored DTK images in disconnected clusters 2083445 - [FJ OCP4.11 Bug]: RAID setting during IPI cluster deployment fails if iRMC port number is specified 2083451 - Update external serivces URLs to console.redhat.com 2083459 - Make numvfs > totalvfs error message more verbose 2083466 - Failed to create clusters on AWS C2S/SC2S due to image-registry MissingEndpoint error 2083514 - Operator ignores managementState Removed 2083641 - OpenShift Console Knative Eventing ContainerSource generates wrong api version when pointed to k8s Service 2083756 - Linkify not upgradeable message on ClusterSettings page 2083770 - Release image signature manifest filename extension is yaml 2083919 - openshift4/ose-operator-registry:4.10.0 having security vulnerabilities 2083942 - Learner promotion can temporarily fail with rpc not supported for learner errors 2083964 - Sink resources dropdown is not persisted in form yaml switcher in event source creation form 2083999 - "--prune-over-size-limit" is not working as expected 2084079 - prometheus route is not updated to "path: /api" after upgrade from 4.10 to 4.11 2084081 - nmstate-operator installed cluster on POWER shows issues while adding new dhcp interface 2084124 - The Update cluster modal includes a broken link 2084215 - Resource configmap "openshift-machine-api/kube-rbac-proxy" is defined by 2 manifests 2084249 - panic in ovn pod from an e2e-aws-single-node-serial nightly run 2084280 - GCP API Checks Fail if non-required APIs are not enabled 2084288 - "alert/Watchdog must have no gaps or changes" failing after bump 2084292 - Access to dashboard resources is needed in dynamic plugin SDK 2084331 - Resource with multiple capabilities included unless all capabilities are disabled 2084433 - Podsecurity violation error getting logged for ingresscontroller during deployment. 2084438 - Change Ping source spec.jsonData (deprecated) field to spec.data 2084441 - [IPI-Azure]fail to check the vm capabilities in install cluster 2084459 - Topology list view crashes when switching from chart view after moving sink from knative service to uri 2084463 - 5 control plane replica tests fail on ephemeral volumes 2084539 - update azure arm templates to support customer provided vnet 2084545 - [rebase v1.24] cluster-api-operator causes all techpreview tests to fail 2084580 - [4.10] No cluster name sanity validation - cluster name with a dot (".") character 2084615 - Add to navigation option on search page is not properly aligned 2084635 - PipelineRun creation from the GUI for a Pipeline with 2 workspaces hardcode the PVC storageclass 2084732 - A special resource that was created in OCP 4.9 can't be deleted after an upgrade to 4.10 2085187 - installer-artifacts fails to build with go 1.18 2085326 - kube-state-metrics is tripping APIRemovedInNextEUSReleaseInUse 2085336 - [IPI-Azure] Fail to create the worker node which HyperVGenerations is V2 or V1 and vmNetworkingType is Accelerated 2085380 - [IPI-Azure] Incorrect error prompt validate VM image and instance HyperV gen match when install cluster 2085407 - There is no Edit link/icon for labels on Node details page 2085721 - customization controller image name is wrong 2086056 - Missing doc for OVS HW offload 2086086 - Update Cluster Sample Operator dependencies and libraries for OCP 4.11 2086092 - update kube to v.24 2086143 - CNO uses too much memory 2086198 - Cluster CAPI Operator creates unnecessary defaulting webhooks 2086301 - kubernetes nmstate pods are not running after creating instance 2086408 - Podsecurity violation error getting logged for externalDNS operand pods during deployment 2086417 - Pipeline created from add flow has GIT Revision as required field 2086437 - EgressQoS CRD not available 2086450 - aws-load-balancer-controller-cluster pod logged Podsecurity violation error during deployment 2086459 - oc adm inspect fails when one of resources not exist 2086461 - CNO probes MTU unnecessarily in Hypershift, making cluster startup take too long 2086465 - External identity providers should log login attempts in the audit trail 2086469 - No data about title 'API Request Duration by Verb - 99th Percentile' display on the dashboard 'API Performance' 2086483 - baremetal-runtimecfg k8s dependencies should be on a par with 1.24 rebase 2086505 - Update oauth-server images to be consistent with ART 2086519 - workloads must comply to restricted security policy 2086521 - Icons of Knative actions are not clearly visible on the context menu in the dark mode 2086542 - Cannot create service binding through drag and drop 2086544 - ovn-k master daemonset on hypershift shouldn't log token 2086546 - Service binding connector is not visible in the dark mode 2086718 - PowerVS destroy code does not work 2086728 - [hypershift] Move drain to controller 2086731 - Vertical pod autoscaler operator needs a 4.11 bump 2086734 - Update csi driver images to be consistent with ART 2086737 - cloud-provider-openstack rebase to kubernetes v1.24 2086754 - Cluster resource override operator needs a 4.11 bump 2086759 - [IPI] OCP-4.11 baremetal - boot partition is not mounted on temporary directory 2086791 - Azure: Validate UltraSSD instances in multi-zone regions 2086851 - pods with multiple external gateways may only be have ECMP routes for one gateway 2086936 - vsphere ipi should use cores by default instead of sockets 2086958 - flaky e2e in kube-controller-manager-operator TestPodDisruptionBudgetAtLimitAlert 2086959 - flaky e2e in kube-controller-manager-operator TestLogLevel 2086962 - oc-mirror publishes metadata with --dry-run when publishing to mirror 2086964 - oc-mirror fails on differential run when mirroring a package with multiple channels specified 2086972 - oc-mirror does not error invalid metadata is passed to the describe command 2086974 - oc-mirror does not work with headsonly for operator 4.8 2087024 - The oc-mirror result mapping.txt is not correct , can?t be used by `oc image mirror` command 2087026 - DTK's imagestream is missing from OCP 4.11 payload 2087037 - Cluster Autoscaler should use K8s 1.24 dependencies 2087039 - Machine API components should use K8s 1.24 dependencies 2087042 - Cloud providers components should use K8s 1.24 dependencies 2087084 - remove unintentional nic support 2087103 - "Updating to release image" from 'oc' should point out that the cluster-version operator hasn't accepted the update 2087114 - Add simple-procfs-kmod in modprobe example in README.md 2087213 - Spoke BMH stuck "inspecting" when deployed via ZTP in 4.11 OCP hub 2087271 - oc-mirror does not check for existing workspace when performing mirror2mirror synchronization 2087556 - Failed to render DPU ovnk manifests 2087579 - ` --keep-manifest-list=true` does not work for `oc adm release new` , only pick up the linux/amd64 manifest from the manifest list 2087680 - [Descheduler] Sync with sigs.k8s.io/descheduler 2087684 - KCMO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile 2087685 - KASO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile 2087687 - MCO does not generate event when user applies Default -> LowUpdateSlowReaction WorkerLatencyProfile 2087764 - Rewrite the registry backend will hit error 2087771 - [tracker] NetworkManager 1.36.0 loses DHCP lease and doesn't try again 2087772 - Bindable badge causes some layout issues with the side panel of bindable operator backed services 2087942 - CNO references images that are divergent from ART 2087944 - KafkaSink Node visualized incorrectly 2087983 - remove etcd_perf before restore 2087993 - PreflightValidation many "msg":"TODO: preflight checks" in the operator log 2088130 - oc-mirror init does not allow for automated testing 2088161 - Match dockerfile image name with the name used in the release repo 2088248 - Create HANA VM does not use values from customized HANA templates 2088304 - ose-console: enable source containers for open source requirements 2088428 - clusteroperator/baremetal stays in progressing: Applying metal3 resources state on a fresh install 2088431 - AvoidBuggyIPs field of addresspool should be removed 2088483 - oc adm catalog mirror returns 0 even if there are errors 2088489 - Topology list does not allow selecting an application group anymore (again) 2088533 - CRDs for openshift.io should have subresource.status failes on sharedconfigmaps.sharedresource and sharedsecrets.sharedresource 2088535 - MetalLB: Enable debug log level for downstream CI 2088541 - Default CatalogSources in openshift-marketplace namespace keeps throwing pod security admission warnings `would violate PodSecurity "restricted:v1.24"` 2088561 - BMH unable to start inspection: File name too long 2088634 - oc-mirror does not fail when catalog is invalid 2088660 - Nutanix IPI installation inside container failed 2088663 - Better to change the default value of --max-per-registry to 6 2089163 - NMState CRD out of sync with code 2089191 - should remove grafana from cluster-monitoring-config configmap in hypershift cluster 2089224 - openshift-monitoring/cluster-monitoring-config configmap always revert to default setting 2089254 - CAPI operator: Rotate token secret if its older than 30 minutes 2089276 - origin tests for egressIP and azure fail 2089295 - [Nutanix]machine stuck in Deleting phase when delete a machineset whose replicas>=2 and machine is Provisioning phase on Nutanix 2089309 - [OCP 4.11] Ironic inspector image fails to clean disks that are part of a multipath setup if they are passive paths 2089334 - All cloud providers should use service account credentials 2089344 - Failed to deploy simple-kmod 2089350 - Rebase sdn to 1.24 2089387 - LSO not taking mpath. ignoring device 2089392 - 120 node baremetal upgrade from 4.9.29 --> 4.10.13 crashloops on machine-approver 2089396 - oc-mirror does not show pruned image plan 2089405 - New topology package shows gray build icons instead of green/red icons for builds and pipelines 2089419 - do not block 4.10 to 4.11 upgrades if an existing CSI driver is found. Instead, warn about presence of third party CSI driver 2089488 - Special resources are missing the managementState field 2089563 - Update Power VS MAPI to use api's from openshift/api repo 2089574 - UWM prometheus-operator pod can't start up due to no master node in hypershift cluster 2089675 - Could not move Serverless Service without Revision (or while starting?) 2089681 - [Hypershift] EgressIP doesn't work in hypershift guest cluster 2089682 - Installer expects all nutanix subnets to have a cluster reference which is not the case for e.g. overlay networks 2089687 - alert message of MCDDrainError needs to be updated for new drain controller 2089696 - CR reconciliation is stuck in daemonset lifecycle 2089716 - [4.11][reliability]one worker node became NotReady on which ovnkube-node pod's memory increased sharply 2089719 - acm-simple-kmod fails to build 2089720 - [Hypershift] ICSP doesn't work for the guest cluster 2089743 - acm-ice fails to deploy: helm chart does not appear to be a gzipped archive 2089773 - Pipeline status filter and status colors doesn't work correctly with non-english languages 2089775 - keepalived can keep ingress VIP on wrong node under certain circumstances 2089805 - Config duration metrics aren't exposed 2089827 - MetalLB CI - backward compatible tests are failing due to the order of delete 2089909 - PTP e2e testing not working on SNO cluster 2089918 - oc-mirror skip-missing still returns 404 errors when images do not exist 2089930 - Bump OVN to 22.06 2089933 - Pods do not post readiness status on termination 2089968 - Multus CNI daemonset should use hostPath mounts with type: directory 2089973 - bump libs to k8s 1.24 for OCP 4.11 2089996 - Unnecessary yarn install runs in e2e tests 2090017 - Enable source containers to meet open source requirements 2090049 - destroying GCP cluster which has a compute node without infra id in name would fail to delete 2 k8s firewall-rules and VPC network 2090092 - Will hit error if specify the channel not the latest 2090151 - [RHEL scale up] increase the wait time so that the node has enough time to get ready 2090178 - VM SSH command generated by UI points at api VIP 2090182 - [Nutanix]Create a machineset with invalid image, machine stuck in "Provisioning" phase 2090236 - Only reconcile annotations and status for clusters 2090266 - oc adm release extract is failing on mutli arch image 2090268 - [AWS EFS] Operator not getting installed successfully on Hypershift Guest cluster 2090336 - Multus logging should be disabled prior to release 2090343 - Multus debug logging should be enabled temporarily for debugging podsandbox creation failures. 2090358 - Initiating drain log message is displayed before the drain actually starts 2090359 - Nutanix mapi-controller: misleading error message when the failure is caused by wrong credentials 2090405 - [tracker] weird port mapping with asymmetric traffic [rhel-8.6.0.z] 2090430 - gofmt code 2090436 - It takes 30min-60min to update the machine count in custom MachineConfigPools (MCPs) when a node is removed from the pool 2090437 - Bump CNO to k8s 1.24 2090465 - golang version mismatch 2090487 - Change default SNO Networking Type and disallow OpenShiftSDN a supported networking Type 2090537 - failure in ovndb migration when db is not ready in HA mode 2090549 - dpu-network-operator shall be able to run on amd64 arch platform 2090621 - Metal3 plugin does not work properly with updated NodeMaintenance CRD 2090627 - Git commit and branch are empty in MetalLB log 2090692 - Bump to latest 1.24 k8s release 2090730 - must-gather should include multus logs. 2090731 - nmstate deploys two instances of webhook on a single-node cluster 2090751 - oc image mirror skip-missing flag does not skip images 2090755 - MetalLB: BGPAdvertisement validation allows duplicate entries for ip pool selector, ip address pools, node selector and bgp peers 2090774 - Add Readme to plugin directory 2090794 - MachineConfigPool cannot apply a configuration after fixing the pods that caused a drain alert 2090809 - gm.ClockClass invalid syntax parse error in linux ptp daemon logs 2090816 - OCP 4.8 Baremetal IPI installation failure: "Bootstrap failed to complete: timed out waiting for the condition" 2090819 - oc-mirror does not catch invalid registry input when a namespace is specified 2090827 - Rebase CoreDNS to 1.9.2 and k8s 1.24 2090829 - Bump OpenShift router to k8s 1.24 2090838 - Flaky test: ignore flapping host interface 'tunbr' 2090843 - addLogicalPort() performance/scale optimizations 2090895 - Dynamic plugin nav extension "startsWith" property does not work 2090929 - [etcd] cluster-backup.sh script has a conflict to use the '/etc/kubernetes/static-pod-certs' folder if a custom API certificate is defined 2090993 - [AI Day2] Worker node overview page crashes in Openshift console with TypeError 2091029 - Cancel rollout action only appears when rollout is completed 2091030 - Some BM may fail booting with default bootMode strategy 2091033 - [Descheduler]: provide ability to override included/excluded namespaces 2091087 - ODC Helm backend Owners file needs updates 2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091167 - IPsec runtime enabling not work in hypershift 2091218 - Update Dev Console Helm backend to use helm 3.9.0 2091433 - Update AWS instance types 2091542 - Error Loading/404 not found page shown after clicking "Current namespace only" 2091547 - Internet connection test with proxy permanently fails 2091567 - oVirt CSI driver should use latest go-ovirt-client 2091595 - Alertmanager configuration can't use OpsGenie's entity field when AlertmanagerConfig is enabled 2091599 - PTP Dual Nic | Extend Events 4.11 - Up/Down master interface affects all the other interface in the same NIC accoording the events and metric 2091603 - WebSocket connection restarts when switching tabs in WebTerminal 2091613 - simple-kmod fails to build due to missing KVC 2091634 - OVS 2.15 stops handling traffic once ovs-dpctl(2.17.2) is used against it 2091730 - MCO e2e tests are failing with "No token found in openshift-monitoring secrets" 2091746 - "Oh no! Something went wrong" shown after user creates MCP without 'spec' 2091770 - CVO gets stuck downloading an upgrade, with the version pod complaining about invalid options 2091854 - clusteroperator status filter doesn't match all values in Status column 2091901 - Log stream paused right after updating log lines in Web Console in OCP4.10 2091902 - unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server has received too many requests and has asked us to try again later 2091990 - wrong external-ids for ovn-controller lflow-cache-limit-kb 2092003 - PR 3162 | BZ 2084450 - invalid URL schema for AWS causes tests to perma fail and break the cloud-network-config-controller 2092041 - Bump cluster-dns-operator to k8s 1.24 2092042 - Bump cluster-ingress-operator to k8s 1.24 2092047 - Kube 1.24 rebase for cloud-network-config-controller 2092137 - Search doesn't show all entries when name filter is cleared 2092296 - Change Default MachineCIDR of Power VS Platform from 10.x to 192.168.0.0/16 2092390 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and 'Overview' tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown 2092395 - etcdHighNumberOfFailedGRPCRequests alerts with wrong results 2092408 - Wrong icon is used in the virtualization overview permissions card 2092414 - In virtualization overview "running vm per templates" template list can be improved 2092442 - Minimum time between drain retries is not the expected one 2092464 - marketplace catalog defaults to v4.10 2092473 - libovsdb performance backports 2092495 - ovn: use up to 4 northd threads in non-SNO clusters 2092502 - [azure-file-csi-driver] Stop shipping a NFS StorageClass 2092509 - Invalid memory address error if non existing caBundle is configured in DNS-over-TLS using ForwardPlugins 2092572 - acm-simple-kmod chart should create the namespace on the spoke cluster 2092579 - Don't retry pod deletion if objects are not existing 2092650 - [BM IPI with Provisioning Network] Worker nodes are not provisioned: ironic-agent is stuck before writing into disks 2092703 - Incorrect mount propagation information in container status 2092815 - can't delete the unwanted image from registry by oc-mirror 2092851 - [Descheduler]: allow to customize the LowNodeUtilization strategy thresholds 2092867 - make repository name unique in acm-ice/acm-simple-kmod examples 2092880 - etcdHighNumberOfLeaderChanges returns incorrect number of leadership changes 2092887 - oc-mirror list releases command uses filter-options flag instead of filter-by-os 2092889 - Incorrect updating of EgressACLs using direction "from-lport" 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability 2092937 - WebScale: OVN-k8s forwarding to external-gw over the secondary interfaces failing 2092966 - [OCP 4.11] [azure] /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 2093044 - Azure machine-api-provider-azure Availability Set Name Length Limit 2093047 - Dynamic Plugins: Generated API markdown duplicates `checkAccess` and `useAccessReview` doc 2093126 - [4.11] Bootimage bump tracker 2093236 - DNS operator stopped reconciling after 4.10 to 4.11 upgrade | 4.11 nightly to 4.11 nightly upgrade 2093288 - Default catalogs fails liveness/readiness probes 2093357 - Upgrading sno spoke with acm-ice, causes the sno to get unreachable 2093368 - Installer orphans FIPs created for LoadBalancer Services on `cluster destroy` 2093396 - Remove node-tainting for too-small MTU 2093445 - ManagementState reconciliation breaks SR 2093454 - Router proxy protocol doesn't work with dual-stack (IPv4 and IPv6) clusters 2093462 - Ingress Operator isn't reconciling the ingress cluster operator object 2093586 - Topology: Ctrl+space opens the quick search modal, but doesn't close it again 2093593 - Import from Devfile shows configuration options that shoudn't be there 2093597 - Import: Advanced option sentence is splited into two parts and headlines has no padding 2093600 - Project access tab should apply new permissions before it delete old ones 2093601 - Project access page doesn't allow the user to update the settings twice (without manually reload the content) 2093783 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.24 2093797 - 'oc registry login' with serviceaccount function need update 2093819 - An etcd member for a new machine was never added to the cluster 2093930 - Gather console helm install totals metric 2093957 - Oc-mirror write dup metadata to registry backend 2093986 - Podsecurity violation error getting logged for pod-identity-webhook 2093992 - Cluster version operator acknowledges upgrade failing on periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-upgrade-ovn-ipv6 2094023 - Add Git Flow - Template Labels for Deployment show as DeploymentConfig 2094024 - bump oauth-apiserver deps to include 1.23.1 k8s that fixes etcd blips 2094039 - egressIP panics with nil pointer dereference 2094055 - Bump coreos-installer for s390x Secure Execution 2094071 - No runbook created for SouthboundStale alert 2094088 - Columns in NBDB may never be updated by OVNK 2094104 - Demo dynamic plugin image tests should be skipped when testing console-operator 2094152 - Alerts in the virtualization overview status card aren't filtered 2094196 - Add default and validating webhooks for Power VS MAPI 2094227 - Topology: Create Service Binding should not be the last option (even under delete) 2094239 - custom pool Nodes with 0 nodes are always populated in progress bar 2094303 - If og is configured with sa, operator installation will be failed. 2094335 - [Nutanix] - debug logs are enabled by default in machine-controller 2094342 - apirequests limits of Cluster CAPI Operator are too low for Azure platform 2094438 - Make AWS URL parsing more lenient for GetNodeEgressIPConfiguration 2094525 - Allow automatic upgrades for efs operator 2094532 - ovn-windows CI jobs are broken 2094675 - PTP Dual Nic | Extend Events 4.11 - when kill the phc2sys We have notification for the ptp4l physical master moved to free run 2094694 - [Nutanix] No cluster name sanity validation - cluster name with a dot (".") character 2094704 - Verbose log activated on kube-rbac-proxy in deployment prometheus-k8s 2094801 - Kuryr controller keep restarting when handling IPs with leading zeros 2094806 - Machine API oVrit component should use K8s 1.24 dependencies 2094816 - Kuryr controller restarts when over quota 2094833 - Repository overview page does not show default PipelineRun template for developer user 2094857 - CloudShellTerminal loops indefinitely if DevWorkspace CR goes into failed state 2094864 - Rebase CAPG to latest changes 2094866 - oc-mirror does not always delete all manifests associated with an image during pruning 2094896 - Run 'openshift-install agent create image' has segfault exception if cluster-manifests directory missing 2094902 - Fix installer cross-compiling 2094932 - MGMT-10403 Ingress should enable single-node cluster expansion on upgraded clusters 2095049 - managed-csi StorageClass does not create PVs 2095071 - Backend tests fails after devfile registry update 2095083 - Observe > Dashboards: Graphs may change a lot on automatic refresh 2095110 - [ovn] northd container termination script must use bash 2095113 - [ovnkube] bump to openvswitch2.17-2.17.0-22.el8fdp 2095226 - Added changes to verify cloud connection and dhcpservices quota of a powervs instance 2095229 - ingress-operator pod in CrashLoopBackOff in 4.11 after upgrade starting in 4.6 due to go panic 2095231 - Kafka Sink sidebar in topology is empty 2095247 - Event sink form doesn't show channel as sink until app is refreshed 2095248 - [vSphere-CSI-Driver] does not report volume count limits correctly caused pod with multi volumes maybe schedule to not satisfied volume count node 2095256 - Samples Owner needs to be Updated 2095264 - ovs-configuration.service fails with Error: Failed to modify connection 'ovs-if-br-ex': failed to update connection: error writing to file '/etc/NetworkManager/systemConnectionsMerged/ovs-if-br-ex.nmconnection' 2095362 - oVirt CSI driver operator should use latest go-ovirt-client 2095574 - e2e-agnostic CI job fails 2095687 - Debug Container shown for build logs and on click ui breaks 2095703 - machinedeletionhooks doesn't work in vsphere cluster and BM cluster 2095716 - New PSA component for Pod Security Standards enforcement is refusing openshift-operators ns 2095756 - CNO panics with concurrent map read/write 2095772 - Memory requests for ovnkube-master containers are over-sized 2095917 - Nutanix set osDisk with diskSizeGB rather than diskSizeMiB 2095941 - DNS Traffic not kept local to zone or node when Calico SDN utilized 2096053 - Builder Image icons in Git Import flow are hard to see in Dark mode 2096226 - crio fails to bind to tentative IP, causing service failure since RHOCS was rebased on RHEL 8.6 2096315 - NodeClockNotSynchronising alert's severity should be critical 2096350 - Web console doesn't display webhook errors for upgrades 2096352 - Collect whole journal in gather 2096380 - acm-simple-kmod references deprecated KVC example 2096392 - Topology node icons are not properly visible in Dark mode 2096394 - Add page Card items background color does not match with column background color in Dark mode 2096413 - br-ex not created due to default bond interface having a different mac address than expected 2096496 - FIPS issue on OCP SNO with RT Kernel via performance profile 2096605 - [vsphere] no validation checking for diskType 2096691 - [Alibaba 4.11] Specifying ResourceGroup id in install-config.yaml, New pv are still getting created to default ResourceGroups 2096855 - `oc adm release new` failed with error when use an existing multi-arch release image as input 2096905 - Openshift installer should not use the prism client embedded in nutanix terraform provider 2096908 - Dark theme issue in pipeline builder, Helm rollback form, and Git import 2097000 - KafkaConnections disappear from Topology after creating KafkaSink in Topology 2097043 - No clean way to specify operand issues to KEDA OLM operator 2097047 - MetalLB: matchExpressions used in CR like L2Advertisement, BGPAdvertisement, BGPPeers allow duplicate entries 2097067 - ClusterVersion history pruner does not always retain initial completed update entry 2097153 - poor performance on API call to vCenter ListTags with thousands of tags 2097186 - PSa autolabeling in 4.11 env upgraded from 4.10 does not work due to missing RBAC objects 2097239 - Change Lower CPU limits for Power VS cloud 2097246 - Kuryr: verify and unit jobs failing due to upstream OpenStack dropping py36 support 2097260 - openshift-install create manifests failed for Power VS platform 2097276 - MetalLB CI deploys the operator via manifests and not using the csv 2097282 - chore: update external-provisioner to the latest upstream release 2097283 - chore: update external-snapshotter to the latest upstream release 2097284 - chore: update external-attacher to the latest upstream release 2097286 - chore: update node-driver-registrar to the latest upstream release 2097334 - oc plugin help shows 'kubectl' 2097346 - Monitoring must-gather doesn't seem to be working anymore in 4.11 2097400 - Shared Resource CSI Driver needs additional permissions for validation webhook 2097454 - Placeholder bug for OCP 4.11.0 metadata release 2097503 - chore: rebase against latest external-resizer 2097555 - IngressControllersNotUpgradeable: load balancer service has been modified; changes must be reverted before upgrading 2097607 - Add Power VS support to Webhooks tests in actuator e2e test 2097685 - Ironic-agent can't restart because of existing container 2097716 - settings under httpConfig is dropped with AlertmanagerConfig v1beta1 2097810 - Required Network tools missing for Testing e2e PTP 2097832 - clean up unused IPv6DualStackNoUpgrade feature gate 2097940 - openshift-install destroy cluster traps if vpcRegion not specified 2097954 - 4.11 installation failed at monitoring and network clusteroperators with error "conmon: option parsing failed: Unknown option --log-global-size-max" making all jobs failing 2098172 - oc-mirror does not validatethe registry in the storage config 2098175 - invalid license in python-dataclasses-0.8-2.el8 spec 2098177 - python-pint-0.10.1-2.el8 has unused Patch0 in spec file 2098242 - typo in SRO specialresourcemodule 2098243 - Add error check to Platform create for Power VS 2098392 - [OCP 4.11] Ironic cannot match "wwn" rootDeviceHint for a multipath device 2098508 - Control-plane-machine-set-operator report panic 2098610 - No need to check the push permission with ?manifests-only option 2099293 - oVirt cluster API provider should use latest go-ovirt-client 2099330 - Edit application grouping is shown to user with view only access in a cluster 2099340 - CAPI e2e tests for AWS are missing 2099357 - ovn-kubernetes needs explicit RBAC coordination leases for 1.24 bump 2099358 - Dark mode+Topology update: Unexpected selected+hover border and background colors for app groups 2099528 - Layout issue: No spacing in delete modals 2099561 - Prometheus returns HTTP 500 error on /favicon.ico 2099582 - Format and update Repository overview content 2099611 - Failures on etcd-operator watch channels 2099637 - Should print error when use --keep-manifest-list\xfalse for manifestlist image 2099654 - Topology performance: Endless rerender loop when showing a Http EventSink (KameletBinding) 2099668 - KubeControllerManager should degrade when GC stops working 2099695 - Update CAPG after rebase 2099751 - specialresourcemodule stacktrace while looping over build status 2099755 - EgressIP node's mgmtIP reachability configuration option 2099763 - Update icons for event sources and sinks in topology, Add page, and context menu 2099811 - UDP Packet loss in OpenShift using IPv6 [upcall] 2099821 - exporting a pointer for the loop variable 2099875 - The speaker won't start if there's another component on the host listening on 8080 2099899 - oc-mirror looks for layers in the wrong repository when searching for release images during publishing 2099928 - [FJ OCP4.11 Bug]: Add unit tests to image_customization_test file 2099968 - [Azure-File-CSI] failed to provisioning volume in ARO cluster 2100001 - Sync upstream v1.22.0 downstream 2100007 - Run bundle-upgrade failed from the traditional File-Based Catalog installed operator 2100033 - OCP 4.11 IPI - Some csr remain "Pending" post deployment 2100038 - failure to update special-resource-lifecycle table during update Event 2100079 - SDN needs explicit RBAC coordination leases for 1.24 bump 2100138 - release info --bugs has no differentiator between Jira and Bugzilla 2100155 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation 2100159 - Dark theme: Build icon for pending status is not inverted in topology sidebar 2100323 - Sqlit-based catsrc cannot be ready due to "Error: open ./db-xxxx: permission denied" 2100347 - KASO retains old config values when switching from Medium/Default to empty worker latency profile 2100356 - Remove Condition tab and create option from console as it is deprecated in OSP-1.8 2100439 - [gce-pd] GCE PD in-tree storage plugin tests not running 2100496 - [OCPonRHV]-oVirt API returns affinity groups without a description field 2100507 - Remove redundant log lines from obj_retry.go 2100536 - Update API to allow EgressIP node reachability check 2100601 - Update CNO to allow EgressIP node reachability check 2100643 - [Migration] [GCP]OVN can not rollback to SDN 2100644 - openshift-ansible FTBFS on RHEL8 2100669 - Telemetry should not log the full path if it contains a username 2100749 - [OCP 4.11] multipath support needs multipath modules 2100825 - Update machine-api-powervs go modules to latest version 2100841 - tiny openshift-install usability fix for setting KUBECONFIG 2101460 - An etcd member for a new machine was never added to the cluster 2101498 - Revert Bug 2082599: add upper bound to number of failed attempts 2102086 - The base image is still 4.10 for operator-sdk 1.22 2102302 - Dummy bug for 4.10 backports 2102362 - Valid regions should be allowed in GCP install config 2102500 - Kubernetes NMState pods can not evict due to PDB on an SNO cluster 2102639 - Drain happens before other image-registry pod is ready to service requests, causing disruption 2102782 - topolvm-controller get into CrashLoopBackOff few minutes after install 2102834 - [cloud-credential-operator]container has runAsNonRoot and image will run as root 2102947 - [VPA] recommender is logging errors for pods with init containers 2103053 - [4.11] Backport Prow CI improvements from master 2103075 - Listing secrets in all namespaces with a specific labelSelector does not work properly 2103080 - br-ex not created due to default bond interface having a different mac address than expected 2103177 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces 2103728 - Carry HAProxy patch 'BUG/MEDIUM: h2: match absolute-path not path-absolute for :path' 2103749 - MachineConfigPool is not getting updated 2104282 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec 2104432 - [dpu-network-operator] Updating images to be consistent with ART 2104552 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack 2104561 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: "/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit"; expected: -rw-r--r--/420/0644; received: ----------/0/0 2104589 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce 2104701 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes 2104717 - NetworkPolicies: ovnkube-master pods crashing due to panic: "invalid memory address or nil pointer dereference" 2104727 - Bootstrap node should honor http proxy 2104906 - Uninstall fails with Observed a panic: runtime.boundsError 2104951 - Web console doesn't display webhook errors for upgrades 2104991 - Completed pods may not be correctly cleaned up 2105101 - NodeIP is used instead of EgressIP if egressPod is recreated within 60 seconds 2105106 - co/node-tuning: Waiting for 15/72 Profiles to be applied 2105146 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history 2105167 - BuildConfig throws error when using a label with a / in it 2105334 - vmware-vsphere-csi-driver-controller can't use host port error on e2e-vsphere-serial 2105382 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator 2105468 - The ccoctl does not seem to know how to leverage the VMs service account to talk to GCP APIs. 2105937 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.18 2106051 - Unable to deploy acm-ice using latest SRO 4.11 build 2106058 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers [4.11.0] 2106062 - [4.11] Bootimage bump tracker 2106116 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as "0abc" 2106163 - Samples ImageStreams vs. registry.redhat.io: unsupported: V2 schema 1 manifest digests are no longer supported for image pulls 2106313 - bond-cni: backport bond-cni GA items to 4.11 2106543 - Typo in must-gather release-4.10 2106594 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI 2106723 - [4.11] Upgrade from 4.11.0-rc0 -> 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device 2106855 - [4.11.z] externalTrafficPolicy=Local is not working in local gateway mode if ovnkube-node is restarted 2107493 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing 2107501 - metallb greenwave tests failure 2107690 - Driver Container builds fail with "error determining starting point for build: no FROM statement found" 2108175 - etcd backup seems to not be triggered in 4.10.18-->4.10.20 upgrade 2108617 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference 2108686 - rpm-ostreed: start limit hit easily 2110505 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate 2110715 - openshift-controller-manager(-operator) namespace should clear run-level annotations 2111055 - dummy bug for 4.10.z bz2110938 5. References: https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-19131 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-28493 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/cve/CVE-2021-3481 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3672 https://access.redhat.com/security/cve/CVE-2021-3695 https://access.redhat.com/security/cve/CVE-2021-3696 https://access.redhat.com/security/cve/CVE-2021-3697 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4115 https://access.redhat.com/security/cve/CVE-2021-4156 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20095 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-23648 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38185 https://access.redhat.com/security/cve/CVE-2021-38593 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-41617 https://access.redhat.com/security/cve/CVE-2021-42771 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2021-44225 https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1215 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1706 https://access.redhat.com/security/cve/CVE-2022-1729 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-26691 https://access.redhat.com/security/cve/CVE-2022-26945 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-28733 https://access.redhat.com/security/cve/CVE-2022-28734 https://access.redhat.com/security/cve/CVE-2022-28735 https://access.redhat.com/security/cve/CVE-2022-28736 https://access.redhat.com/security/cve/CVE-2022-28737 https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/cve/CVE-2022-29810 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30321 https://access.redhat.com/security/cve/CVE-2022-30322 https://access.redhat.com/security/cve/CVE-2022-30323 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYvOfk9zjgjWX9erEAQhJ/w//UlbBGKBBFBAyfEmQf9Zu0yyv6MfZW0Zl iO1qXVIl9UQUFjTY5ejerx7cP8EBWLhKaiiqRRjbjtj+w+ENGB4LLj6TEUrSM5oA YEmhnX3M+GUKF7Px61J7rZfltIOGhYBvJ+qNZL2jvqz1NciVgI4/71cZWnvDbGpa 02w3Dn0JzhTSR9znNs9LKcV/anttJ3NtOYhqMXnN8EpKdtzQkKRazc7xkOTxfxyl jRiER2Z0TzKDE6dMoVijS2Sv5j/JF0LRwetkZl6+oh8ehKh5GRV3lPg3eVkhzDEo /gp0P9GdLMHi6cS6uqcREbod//waSAa7cssgULoycFwjzbDK3L2c+wMuWQIgXJca RYuP6wvrdGwiI1mgUi/226EzcZYeTeoKxnHkp7AsN9l96pJYafj0fnK1p9NM/8g3 jBE/W4K8jdDNVd5l1Z5O0Nyxk6g4P8MKMe10/w/HDXFPSgufiCYIGX4TKqb+ESIR SuYlSMjoGsB4mv1KMDEUJX6d8T05lpEwJT0RYNdZOouuObYMtcHLpRQHH9mkj86W pHdma5aGG/mTMvSMW6l6L05uT41Azm6fVimTv+E5WvViBni2480CVH+9RexKKSyL XcJX1gaLdo+72I/gZrtT+XE5tcJ3Sf5fmfsenQeY4KFum/cwzbM6y7RGn47xlEWB xBWKPzRxz0Q=9r0B -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically |
| var-201202-0137 | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. libpng is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely crash the library. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. The following products and versions are affected: Symantec Mail Security for Microsoft Exchange prior to 6.5.8; Symantec Mail Security for Domino prior to 8.1.1; Symantec Messaging Gateway prior to 10.0.1; Symantec Data Loss Prevention (DLP) prior to 11.6.1 Versions; IBM Notes 8.5.x versions; IBM Lotus Domino 8.5.x versions prior to 8.5.3 FP4 and others. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Autonomy KeyView File Processing Vulnerabilities SECUNIA ADVISORY ID: SA51362 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51362 RELEASE DATE: 2012-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/51362/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51362/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51362 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to errors when processing unspecified file formats and can be exploited to corrupt memory. No further information is currently available. The vulnerabilities are reported in versions prior to 10.16. SOLUTION: Update to version 10.16. PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC ORIGINAL ADVISORY: US-CERT VU#849841: http://www.kb.cert.org/vuls/id/849841 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libpng security update Advisory ID: RHSA-2012:0317-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0317.html Issue date: 2012-02-20 CVE Names: CVE-2011-3026 ===================================================================== 1. Summary: Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in libpng. (CVE-2011-3026) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk (MFSA 2012-11) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm ia64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.ia64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.ia64.rpm libpng-devel-1.2.7-9.el4.ia64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.ia64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.ia64.rpm libpng10-devel-1.0.16-10.el4.ia64.rpm ppc: libpng-1.2.7-9.el4.ppc.rpm libpng-1.2.7-9.el4.ppc64.rpm libpng-debuginfo-1.2.7-9.el4.ppc.rpm libpng-debuginfo-1.2.7-9.el4.ppc64.rpm libpng-devel-1.2.7-9.el4.ppc.rpm libpng10-1.0.16-10.el4.ppc.rpm libpng10-1.0.16-10.el4.ppc64.rpm libpng10-debuginfo-1.0.16-10.el4.ppc.rpm libpng10-debuginfo-1.0.16-10.el4.ppc64.rpm libpng10-devel-1.0.16-10.el4.ppc.rpm s390: libpng-1.2.7-9.el4.s390.rpm libpng-debuginfo-1.2.7-9.el4.s390.rpm libpng-devel-1.2.7-9.el4.s390.rpm libpng10-1.0.16-10.el4.s390.rpm libpng10-debuginfo-1.0.16-10.el4.s390.rpm libpng10-devel-1.0.16-10.el4.s390.rpm s390x: libpng-1.2.7-9.el4.s390.rpm libpng-1.2.7-9.el4.s390x.rpm libpng-debuginfo-1.2.7-9.el4.s390.rpm libpng-debuginfo-1.2.7-9.el4.s390x.rpm libpng-devel-1.2.7-9.el4.s390x.rpm libpng10-1.0.16-10.el4.s390.rpm libpng10-1.0.16-10.el4.s390x.rpm libpng10-debuginfo-1.0.16-10.el4.s390.rpm libpng10-debuginfo-1.0.16-10.el4.s390x.rpm libpng10-devel-1.0.16-10.el4.s390x.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm ia64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.ia64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.ia64.rpm libpng-devel-1.2.7-9.el4.ia64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.ia64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.ia64.rpm libpng10-devel-1.0.16-10.el4.ia64.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm ia64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.ia64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.ia64.rpm libpng-devel-1.2.7-9.el4.ia64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.ia64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.ia64.rpm libpng10-devel-1.0.16-10.el4.ia64.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm i386: libpng-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm x86_64: libpng-1.2.10-15.el5_7.i386.rpm libpng-1.2.10-15.el5_7.x86_64.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm i386: libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm x86_64: libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm i386: libpng-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm ia64: libpng-1.2.10-15.el5_7.i386.rpm libpng-1.2.10-15.el5_7.ia64.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.ia64.rpm libpng-devel-1.2.10-15.el5_7.ia64.rpm ppc: libpng-1.2.10-15.el5_7.ppc.rpm libpng-1.2.10-15.el5_7.ppc64.rpm libpng-debuginfo-1.2.10-15.el5_7.ppc.rpm libpng-debuginfo-1.2.10-15.el5_7.ppc64.rpm libpng-devel-1.2.10-15.el5_7.ppc.rpm libpng-devel-1.2.10-15.el5_7.ppc64.rpm s390x: libpng-1.2.10-15.el5_7.s390.rpm libpng-1.2.10-15.el5_7.s390x.rpm libpng-debuginfo-1.2.10-15.el5_7.s390.rpm libpng-debuginfo-1.2.10-15.el5_7.s390x.rpm libpng-devel-1.2.10-15.el5_7.s390.rpm libpng-devel-1.2.10-15.el5_7.s390x.rpm x86_64: libpng-1.2.10-15.el5_7.i386.rpm libpng-1.2.10-15.el5_7.x86_64.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-static-1.2.46-2.el6_2.i686.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm ppc64: libpng-1.2.46-2.el6_2.ppc.rpm libpng-1.2.46-2.el6_2.ppc64.rpm libpng-debuginfo-1.2.46-2.el6_2.ppc.rpm libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm libpng-devel-1.2.46-2.el6_2.ppc.rpm libpng-devel-1.2.46-2.el6_2.ppc64.rpm s390x: libpng-1.2.46-2.el6_2.s390.rpm libpng-1.2.46-2.el6_2.s390x.rpm libpng-debuginfo-1.2.46-2.el6_2.s390.rpm libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm libpng-devel-1.2.46-2.el6_2.s390.rpm libpng-devel-1.2.46-2.el6_2.s390x.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-static-1.2.46-2.el6_2.i686.rpm ppc64: libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm libpng-static-1.2.46-2.el6_2.ppc64.rpm s390x: libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm libpng-static-1.2.46-2.el6_2.s390x.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-static-1.2.46-2.el6_2.i686.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3026.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPQqGfXlSAg2UNWIIRAvPAAKC5ML8Y7b6VjL034A1Z25dbaHQBeACbByBB 4I5iDRbA+wiPuXoUTrzz8EM= =Ow8Q -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This provides the corresponding update for Firefox. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libpng: Multiple vulnerabilities Date: June 22, 2012 Bugs: #373967, #386185, #401987, #404197, #410153 ID: 201206-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in libpng might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. It is used by several programs, including web browsers and potentially server processes. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libpng < 1.5.10 >= 1.5.10 *>= 1.2.49 Description =========== Multiple vulnerabilities have been discovered in libpng: * The "embedded_profile_len()" function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). * The "png_format_buffer()" function in pngerror.c contains an off-by-one error (CVE-2011-2501). * The "png_rgb_to_gray()" function in pngrtran.c contains an integer overflow error (CVE-2011-2690). * The "png_err()" function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). * The "png_handle_sCAL()" function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692). * The "png_decompress_chunk()" function in pngrutil.c contains an integer overflow error (CVE-2011-3026). * The "png_inflate()" function in pngrutil.c contains and out of bounds error (CVE-2011-3045). * The "png_set_text_2()" function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). * The "png_formatted_warning()" function in pngerror.c contains an off-by-one error (CVE-2011-3464). Workaround ========== There is no known workaround at this time. Resolution ========== All libpng 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10" All libpng 1.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49" Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2009-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063 [ 2 ] CVE-2011-2501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501 [ 3 ] CVE-2011-2690 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690 [ 4 ] CVE-2011-2691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691 [ 5 ] CVE-2011-2692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692 [ 6 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 7 ] CVE-2011-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045 [ 8 ] CVE-2011-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048 [ 9 ] CVE-2011-3464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-15.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Description: XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. Description: SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPRKrLmqjQ0CJFipgRAjR7AJ9wJxfAe+llXmAUovEuWa1V5HBzAgCglUPx T7bG+jPIIPB8BIm1u7kA12Y= =Qz5/ -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-1367-1 February 16, 2012 libpng vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: libpng could be made to crash or run programs as your login if it opened a specially crafted file. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-5063) Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. (CVE-2011-3026) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libpng12-0 1.2.46-3ubuntu1.1 Ubuntu 11.04: libpng12-0 1.2.44-1ubuntu3.2 Ubuntu 10.10: libpng12-0 1.2.44-1ubuntu0.2 Ubuntu 10.04 LTS: libpng12-0 1.2.42-1ubuntu2.3 Ubuntu 8.04 LTS: libpng12-0 1.2.15~beta5-3ubuntu0.5 After a standard system update you need to restart your session to make all the necessary changes |
| var-201912-0586 | This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. Apple macOS, watchOS, iOS and tvOS are prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple information-disclosure vulnerabilities 3. Multiple memory-corruption vulnerabilities Attackers can exploit these issues to execute arbitrary code, obtain sensitive information and cause denial-of-service conditions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Quick Look is one of the components used to view common resource files. A security vulnerability exists in the Quick Look component of several Apple products. CVE-2019-8693: Arash Tohidi of Solita autofs Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 iOS 12.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Core Data Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero Core Data Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero FaceTime Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Found in Apps Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks. CVE-2019-8663: Natalie Silvanovich of Google Project Zero Foundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Heimdal Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst libxslt Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may cause an unexpected application termination Description: A denial of service issue was addressed with improved validation. CVE-2019-8665: Michael Hernandez of XYZ Marketing Profiles Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A malicious application may be able to restrict access to websites Description: A validation issue existed in the entitlement verification. CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Carabaș and Răzvan Deaconescu of University POLITEHNICA of Bucharest Quick Look Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Telephony Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection Description: A logic issue existed in the answering of phone calls. CVE-2019-8699: Marius Alexandru Boeru (@mboeru) and an anonymous researcher UIFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Wallet Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: A user may inadvertently complete an in-app purchase while on the lock screen Description: The issue was addressed with improved UI handling. CVE-2019-8682: Jeff Braswell (JeffBraswell.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of document loads. CVE-2019-8690: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of synchronous page loads. CVE-2019-8649: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative CVE-2019-8666: Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative CVE-2019-8671: Apple CVE-2019-8672: Samuel Groß of Google Project Zero CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech CVE-2019-8677: Jihui Lu of Tencent KeenLab CVE-2019-8678: Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation, P1umer of ADLab of Venustech CVE-2019-8679: Jihui Lu of Tencent KeenLab CVE-2019-8680: Jihui Lu of Tencent KeenLab CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8683: lokihardt of Google Project Zero CVE-2019-8684: lokihardt of Google Project Zero CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day Initiative CVE-2019-8687: Apple CVE-2019-8688: Insu Yun of SSLab at Georgia Tech CVE-2019-8689: lokihardt of Google Project Zero Additional recognition Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3H8AxAA x7PkVYpHr8NsjIwvei5DcsiDtOTNCjfaFMpmfdwgCNvDOYj5L15F1QBDIrfUHkqi D+1H/oJNzLI7cD1/UqbFz5ZhnPoFtjASCnVvDBBfCfOtL3sYRYjbtUEKWFQOx7i2 BLwiUJIkg9pxdrU0Gw7dd8IgII9pK5zPwRgFfrHuNZrBnOkG6JPC9QX+PjP8RUC9 eRFuRzDYBk5UydpwkhWI3RxVg+BcZRh17TRc2gu3osAqPL8sE9FqXhUWQIMEmY78 gDkDEUKht002PLGiBP6LK3r9UXR5OEAu64nMJLBoXXMUX3GK77mN8mroEGJf48l3 C7wKrRg3j0T9N+EDNX/avl3n4r70ixhsGhKqJjqJMBEAhrBfQ/8aMFb0FdrdC3f8 GAxm57MetIE65YzbWmTZoUX0CS9MmKIj9JJMFqcxyP2jNibLbouzAH08N7eTktF/ fsLYrisu3srFalLFr22la4fwaLPYKMZ8huBONGttLhvFs+jYjFZCyzEXCXjyXuZi UjJ90aLnlqHKOQfeu865GAumDP5+9jVRDOpBTMFmR5pj86UCZttTDqMGmW2/EpQ/ LeOyNUGJlq5Lc35/R37YILE6FIjKcfwl3CDUsok1f8RUag5AtcU6s3LlNdzJ+szu 9SsbxcGzn+NbcDU4i53OHyNNkcECGdn86Y+MBPXYrek= =Eo2f -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About" |
| ID | Description | Publish Date | Update Date |
|---|---|---|---|
| jvndb-2022-002337 | UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions | 2022-08-23T14:31+09:00 | 2024-06-14T10:24+09:00 |
| jvndb-2022-000064 | Movable Type XMLRPC API vulnerable to command injection | 2022-08-24T15:58+09:00 | 2024-06-13T18:11+09:00 |
| jvndb-2023-001291 | Multiple vulnerabilities in Trend Micro Maximum Security | 2023-03-03T11:10+09:00 | 2024-06-13T17:06+09:00 |
| jvndb-2022-000045 | FreeBSD vulnerable to denial-of-service (DoS) | 2022-06-15T12:28+09:00 | 2024-06-13T16:31+09:00 |
| jvndb-2022-000066 | Multiple vulnerabilities in CentreCOM AR260S V2 | 2022-08-29T17:37+09:00 | 2024-06-13T16:21+09:00 |
| jvndb-2023-000044 | JINS MEME CORE uses a hard-coded cryptographic key | 2023-05-08T15:13+09:00 | 2024-06-13T16:19+09:00 |
| jvndb-2023-000042 | WordPress Plugin "Newsletter" vulnerable to cross-site scripting | 2023-05-09T14:42+09:00 | 2024-06-13T16:14+09:00 |
| jvndb-2022-000068 | SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure | 2022-09-05T15:22+09:00 | 2024-06-13T16:00+09:00 |
| jvndb-2022-002448 | Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows | 2022-10-11T17:02+09:00 | 2024-06-13T14:30+09:00 |
| jvndb-2022-002544 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2022-10-20T16:18+09:00 | 2024-06-13T13:58+09:00 |
| jvndb-2022-000067 | Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries | 2022-08-29T15:57+09:00 | 2024-06-13T13:53+09:00 |
| jvndb-2022-000070 | Movable Type plugin A-Form vulnerable to cross-site scripting | 2022-09-09T15:01+09:00 | 2024-06-13T13:49+09:00 |
| jvndb-2022-000069 | PowerCMS XMLRPC API vulnerable to command injection | 2022-09-02T15:49+09:00 | 2024-06-13T11:44+09:00 |
| jvndb-2022-002367 | OpenAM (OpenAM Consortium Edition) vulnerable to open redirect | 2022-09-16T15:30+09:00 | 2024-06-13T11:39+09:00 |
| jvndb-2022-000071 | Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service | 2022-09-14T18:15+09:00 | 2024-06-13T11:34+09:00 |
| jvndb-2022-000073 | Multiple vulnerabilities in EC-CUBE | 2022-09-15T16:30+09:00 | 2024-06-13T11:09+09:00 |
| jvndb-2022-000072 | EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files | 2022-09-15T16:13+09:00 | 2024-06-13T11:03+09:00 |
| jvndb-2023-000015 | Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G | 2023-02-13T14:48+09:00 | 2024-06-12T17:03+09:00 |
| jvndb-2022-002537 | Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE | 2022-10-19T16:23+09:00 | 2024-06-12T16:54+09:00 |
| jvndb-2022-000081 | Lemon8 App fails to restrict access permissions | 2022-10-19T14:08+09:00 | 2024-06-12T16:39+09:00 |
| jvndb-2024-000062 | Denial-of-service (DoS) vulnerability in IPCOM WAF function | 2024-06-12T15:03+09:00 | 2024-06-12T15:03+09:00 |
| jvndb-2022-000075 | IPFire WebUI vulnerable to cross-site scripting | 2022-10-06T13:05+09:00 | 2024-06-12T14:28+09:00 |
| jvndb-2023-000013 | Ichiran App vulnerable to improper server certificate verification | 2023-02-06T14:31+09:00 | 2024-06-12T14:25+09:00 |
| jvndb-2022-000074 | BookStack vulnerable to cross-site scripting | 2022-09-30T14:48+09:00 | 2024-06-12T14:07+09:00 |
| jvndb-2022-000077 | The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries | 2022-10-11T15:08+09:00 | 2024-06-12T12:12+09:00 |
| jvndb-2022-000076 | Growi vulnerable to improper access control | 2022-10-07T14:30+09:00 | 2024-06-12T12:04+09:00 |
| jvndb-2023-000017 | Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools | 2023-02-14T17:00+09:00 | 2024-06-12T11:15+09:00 |
| jvndb-2023-000012 | Vulnerability in Driver Distributor where passwords are stored in a recoverable format | 2023-01-31T14:14+09:00 | 2024-06-12T11:07+09:00 |
| jvndb-2023-000011 | SUSHIRO App for Android outputs sensitive information to the log file | 2023-01-31T14:10+09:00 | 2024-06-11T17:35+09:00 |
| jvndb-2023-001269 | File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center | 2023-03-01T16:59+09:00 | 2024-06-11T16:42+09:00 |